Windows Web Server Flaw{2}

by Yeimy F

In 2010, Microsoft rushed out a fix for ASP.NET bug on Windows server. It was a flaw that started to be deployed by online attackers who caused some limited attacks but made several attempts to bypass Windows Server Operating system. “ ASP.NET is used to build Web applications, and the bug gives attackers a way to gain access to protected files or read encrypted data sent by an ASP.NET application server.” Online attackers were able to steal username and passwords from websites. However, this bug was not considered harmful to customers unless they happen to run a Web server on their computer.

Even thought, the problem didn’t seem serious due to a limited number of attacks, Microsoft decided to released an immediate patch, as opposed to wait for a fix on the next version, which fixed the bug found in the Windows ASP.NET technology. And this new update on Windows server was made available quickly to large enterprises, hosting providers, and ISVS.

 This passed couple of weeks we have been talking about the development of ASP.NET web sites, but we will not have the time to talk about the problems encountered later on once they are made available to customers, and online attackers as well. And even this article is kind of old, it gives an example of the next possible attacks to ASP.NET technologies can encounter.

 So I consider this as a good source of information about some of the flaws Microsoft technologies have and how this technologies are at target. And also to let you know that we can also trust the providers who continually check for attacks and provide whatever is necessary to protect us from online attackers.


McMillan, R. (Sept. 28, 2010). After Attacks, Microsoft to Rush Out Fix for Bug. Retrieved March, 5, 2012. From