Microsoft rushes to release a solution for a flaw in Windows Web server that has begun to be exploited in online attacks.
Patch fix a bug in Windows ASP.net technology used in Microsoft's servers. Microsoft says it has seen limited exploitation of online attacks escape, but the problem is serious enough that the company decide to speed up launch of resolution, before or regular update scheduled for October 12.
ASP.net is used to build Web applications and bug gives hackers a way to gain access to protected files or read encrypted data sent by a server application ASP.net. Earlier this month, researchers have demonstrated how an attack can be used to steal session cookies, or possibly encrypted user names and passwords on websites.
Microsoft occasionally updates issue such out-of-band when he discovers a serious security problem, but this release is different. For starters, Microsoft will launch initially only patch Microsoft Download Center - generally used by large organizations that want to test patches before installing them manually within the company.
"It allows them to get the update as soon as possible, allowing administrators and end users who want to manually install this security update, to test him and to update their systems immediately," Microsoft said in a posting Monday blog announcing the update. "We encourage these customers to visit the Download Center to download the update, to test their environment and apply it as soon as possible."
For most of the customers who rely on automatic updates, the patch will be released in a few days. Consumers are not vulnerable to this bug, unless you run a web server on their computers.
0 comments
Post a Comment