Microsoft has issued an emergency update that blocks attacks against a flaw in the ASP.NET web application framework. According to SearchSecurity.com, the flaw can cause poor encryption implementation. That leaves an opening for something called a padding oracle attack. The attack tricks the Web server behind an application into giving up sensitive information in error messages. The ASP.net flaw also lets hackers decrypt data that is supposed to stay buttoned up on the web server. Microsoft rates the patch as important. It covers the dot-net framework running on Windows Server 2003 and 2008.
This story is part of Federal News Radio’s daily Cybersecurity Update brought to you by Tripwire. For more cybersecurity news, click here.
Tom Temin is the host of The Federal Drive, which airs from 6-8 a.m. on 1500 AM in the Washington, D.C. region and online everywhere. Tom has 30 years experience in journalism, mostly in technology markets. Before coming to Federal News Radio, he was a long-serving editor-in-chief of Government Computer News and Washington Technology magazines.