Windows Web Server Flaw

by Yeimy F
 

In 2010, Microsoft rushed out a fix for ASP.NET bug on Windows server. It was a flaw that started to be deployed by online attackers who caused some limited attacks but made several attempts to bypass Windows Server Operating system. “ ASP.NET is used to build Web applications, and the bug gives attackers a way to gain access to protected files or read encrypted data sent by an ASP.NET application server.” Online attackers were able to steal username and passwords from websites. However, this bug was not considered harmful to customers unless they happen to run a Web server on their computer.

Even thought, the problem didn’t seem serious due to a limited number of attacks, Microsoft decided to released an immediate patch, as opposed to wait for a fix on the next version, which fixed the bug found in the Windows ASP.NET technology. And this new update on Windows server was made available quickly to large enterprises, hosting providers, and ISVS.

 This passed couple of weeks we have been talking about the development of ASP.NET web sites, but we will not have the time to talk about the problems encountered later on once they are made available to customers, and online attackers as well. And even this article is kind of old, it gives an example of the next possible attacks to ASP.NET technologies can encounter.

 So I consider this as a good source of information about some of the flaws Microsoft technologies have and how this technologies are at target. And also to let you know that we can also trust the providers who continually check for attacks and provide whatever is necessary to protect us from online attackers.

 

McMillan, R. (Sept. 28, 2010). After Attacks, Microsoft to Rush Out Fix for ASP.net Bug. Retrieved March, 5, 2012. From

http://www.pcworld.com/businesscenter/article/206380/after_attacks_microsoft_to_rush_out_fix_for_aspnet_bug.html

2 thoughts on “Windows Web Server Flaw”

  1. I like it how Microsoft acts right away to make sure that their ASP.NET application is working properly and secure. Good article, it was insightful!

  2. I am wondering if the hackers used SQL statements to perform their attack. Maybe you could add some more to it by researching the attack method.

Comments are closed.