ASP.Net zero day vulnerability - Padding Oracle exploit
An ASP.Net cryptograhic zero day was publicly disclosed today.
Microsoft has released an advisory to help customers understand the vulnerability and apply workarounds to secure their sites. The advisory is at http://www.microsoft.com/technet/security/advisory/2416728.mspx.
The Microsoft Security Response Center (MSRC) has released a blog at http://blogs.technet.com/b/msrc/archive/2010/09/17/security-advisory-2416728-released.aspx.
The Security Research & Defense (SRD) team at Microsoft has also released a blog that contains a script to help detect vulnerable installations. The blog is located at http://blogs.technet.com/b/srd/archive/2010/09/17/understanding-the-asp-net-vulnerability.aspx
You can check out more details on Scott Guthrie’s blog at http://weblogs.asp.net/scottgu/archive/2010/09/18/important-asp-net-security-vulnerability.aspx