A serious vulnerability was found in Microsoft's ASP .Net web development framework that is described as follows:
<blockquote>
in Microsoft .NET Framework 3.5 Service Pack 1 and above, this vulnerability can be used by an attacker to retrieve the contents of any file within the ASP.NET application, including web.config”  and that “this vulnerability can also be used for data tampering, which, if successfully exploited, could be used to decrypt and tamper with the data encrypted by the server
</blockquote>
Being that the severity of this patch is too high to allow them to wait until their next cycled patch release, they instead chose to release the following emergency fix: <a href="http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx">http://www.microsoft.com/technet/security/bulletin/MS10-070.mspx</a>.
All users who are affected are strongly encouraged to patch immediately to avoid potential issues.

Microsoft releases emergency fix for ASP .Net vulnerability

mike-johnston company logo

mike-johnston

mike-johnston Profile

A serious vulnerability was found in Microsoft's ASP .Net web development framework that is described as follows: 
 
in Microsoft .NET Framework 3.5 Service Pack 1 and above, this  vulnerability can be used by an attacker to retrieve the contents of any  file within the ASP.NET application, including web.config”  and  that “this vulnerability can a...