Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft To Release Emergency Fix For ASP.NET Bug

Posted by Soulskill on from the don't-make-us-do-stuff dept.

Trailrunner7 writes "Microsoft on Tuesday will release an emergency out-of-band patch for the ASP.NET padding oracle attack that was disclosed earlier this month. The patch will only be available on the company's Download Center for the time being, however. The company is taking the step of releasing an emergency fix for the bug because of the seriousness of the vulnerability — which potentially affects millions of Web applications — and the fact that there are attacks ongoing against it already. The patch will fix the flaw in all versions of the .NET framework. Although Microsoft issued guidance about workarounds to defend against attacks on the ASP.NET bug shortly after it was publicly disclosed, the researchers, Juliano Rizzo and Thai Duong, said that the workarounds did not fully protect users against their attack."

4 of 73 comments (clear)

  1. Thoid poist by Anonymous Coward · · Score: 0, Funny

    First I got foist, and now thoid. Where is everybody, out patching their servers?

  2. Re:That Bogus Feeling by Anonymous Coward · · Score: 2, Funny

    You obviously don't go there very often. TechNet has been a part of Microsoft for many years. It's where all the "IT Pros" go.

  3. "padding oracle"? by 93+Escort+Wagon · · Score: 2, Funny

    So does this involve an Oracle database somehow - in which case "Oracle" should have been capitalized - or are we talking about a real, honest-to-goodness oracle? Did the attack originate in Greece?

    --
    #DeleteChrome
    1. Re:"padding oracle"? by ardeez · · Score: 1, Funny

      Did the attack originate in Greece?

      Yeah, it was written in Dephi

      --
      don't be a spelling loser