Microsoft closes 2011 with an emergency Windows Update

On December 29, 2011, 5:00 PM

Microsoft has issued a rare out-of-band update to plug a vulnerability in the .NET Framework. The bulletin (MS11-100) comes several weeks before the next regularly scheduled Patch Tuesday in mid-January and addresses a flaw that could allow attackers to exploit hash tables to perform a denial-of-service (DoS) attack against a website built with Microsoft's ASP.NET application framework.

Usually, DoS attacks require thousands of computers (often malware-controlled systems in a botnet) to overwhelm a site with requests. However, this opening would allow an attacker to cripple a vulnerable site by sending a certain type of HTTP request. Each request sent would consume 100% of one CPU core. Sending several such requests could easily devour all of a server's processing resources.

"Attacks targeting this type of vulnerability are generically known as hash collision attacks," the company said, adding that the hole is not specific to Microsoft's Web services as it affects PHP 5, Java, .NET, v8 and to some extent PHP 4, Ruby and Python. The folks behind those platforms are expected to issue similar updates in the near future, but the holidays will undoubtedly delay that process.

It's worth noting that this vulnerability isn't new. It was discovered as far back as 2003, around which time Perl and CRuby made some changes to thwart such attacks. Microsoft's patch has already rolled out on Windows Update for Windows XP, Server 2003, Vista, Server 2008, 7, and Server 2008 R2. On the bright side, the company's Security Bulletin page doesn't mention a mandatory reboot.
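
The effect described in the article, as an added example (not from the article or from Microsoft): a toy chained hash table where keys that share a bucket turn n inserts into about n²/2 comparisons, next to two common defenses, a hash keyed with a per-process secret and a cap on keys per request. The byte-sum hash, bucket count, cap value and sample keys are constructed for illustration and match no real platform.

```python
import hashlib
import itertools

BUCKETS = 1024          # assumed table size for the demo
MAX_KEYS = 1000         # hypothetical per-request cap on form keys

def weak_hash(key):
    # Toy unkeyed hash: byte sum. Any reordering of a string collides.
    return sum(key.encode()) % BUCKETS

def make_keyed_hash(secret):
    # Keyed hash: without the per-process secret, a sender cannot
    # predict which keys share a bucket.
    def keyed(key):
        d = hashlib.blake2b(key.encode(), key=secret, digest_size=8).digest()
        return int.from_bytes(d, "big") % BUCKETS
    return keyed

def insert_cost(keys, hash_fn):
    """Insert keys into a chained table; return key comparisons made."""
    table = [[] for _ in range(BUCKETS)]
    comparisons = 0
    for key in keys:
        chain = table[hash_fn(key)]
        for existing in chain:
            comparisons += 1
            if existing == key:
                break
        else:
            chain.append(key)
    return comparisons

def parse_form(keys, hash_fn, max_keys=MAX_KEYS):
    # Reject oversized requests before any hashing work is done.
    if len(keys) > max_keys:
        raise ValueError("too many form keys")
    return insert_cost(keys, hash_fn)

def constructed_colliding_keys(n):
    # Constructed sample input: permutations of one string, same byte sum.
    perms = itertools.permutations("abcdefgh")
    return ["".join(p) for p in itertools.islice(perms, n)]

if __name__ == "__main__":
    import os
    keys = constructed_colliding_keys(4000)
    print("unkeyed hash:", insert_cost(keys, weak_hash))
    print("keyed hash:  ", insert_cost(keys, make_keyed_hash(os.urandom(16))))
```

With the cap in place, the worst case per request is bounded by the cap rather than by whatever the sender chooses to submit.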

User Comments: 17

  1. Interesting.

  2. hm

    logged just to say that today got some unusual lockups like:

    - foobar

    - utorrent

    - mpc

    before that I've experienced a sound glitch

    something like "high voltage" + "punk, you get it"

    for now, things r common

  3. Funny I should see this after logging into my hotmail account about 20mins ago, and given a mandatory account password change, for someone else using my account. Sure enough in the sent box were eight addresses I didn't recognize, sent in the past couple weeks, with the only activity before that being in 2009.

  4. Recently I downloaded Explorer 9 and ever since I have been having problems viewing some video sites. For example, if I bring up MSN and want to watch a news video I can hear the sounds but the picture isn't there or it is just bits and pieces like tile. I can view videos on YouTube but on many internet chat sites I can't see what I am typing. Does anyone have an idea of what's wrong? Before downloading, Explorer 7 worked fine. Thanks.

  5. Guest, your fault is using Internet Explorer in the first place. Don't you know there are a hell of a lot more secure and faster alternatives to Internet Explorer?

  6. You still use IE?

  7. I have W7 on one machine and WHS 2011 on another (in the same office). I have been simultaneously updating them the past few days. I rely on ASP.NET quite a bit in, and all the updates have referenced .NET or some security patch.

    And please use Chrome..

  8. I have installed this on a few servers, the majority did not require a reboot however one did. Overall a quick patch install without any problems.

  9. "... Security Bulletin page doesn't mention a mandatory reboot"

    It required a reboot on my Win7-SP1 system!

  10. No surprise that this is how Microsoft welcomes a new year...

  11. Why use IE? What has it done for you?

  12. IE was great, but then Firefox came along.

  13. Staff

    jtennison said:

    "... Security Bulletin page doesn't mention a mandatory reboot"

    It required a reboot on my Win7-SP1 system!

    I didn't have to reboot on Win7 Home Premium x64.

  14. 4 different machines--all WIN7.

    No reboot.

  15. Ditto no reboot.

  16. Check for updates but don't install. Win 7 64 bit. No updates in the last week, at all. I don't use IE tho. Did a fresh install on another machine and I'm pretty sure this update was in there. My Windows Update on this machine says everything is up to date, which is odd; looking at the update history, it's not on there... (Same version of Windows)

  17. At least the guys at Microsoft didn't go home early for the holidays. This patch is most appreciated.
