Patch rushed to cover flaw

Microsoft has issued an emergency update that blocks attacks against a flaw in the ASP.NET web application framework. According to, the flaw can cause poor encryption implementation. That leaves an opening for something called a padding oracle attack. The attack tricks the Web server behind an application into giving up sensitive information in error messages. The flaw also lets hackers decrypt data that is supposed to stay buttoned up on the web server. Microsoft rates the patch as important. It covers the dot-net framework running on Windows Server 2003 and 2008.

This story is part of Federal News Radio’s daily Cybersecurity Update brought to you by Tripwire. For more cybersecurity news, click here.