Microsoft closes 2011 with an emergency Windows Update

On December 29, 2011, 5:00 PM EST

Microsoft has issued a rare out-of-band update to plug a vulnerability in the .NET Framework. The bulletin (MS11-100) comes several weeks before the next regularly scheduled Patch Tuesday in mid-January and addresses a flaw that could allow attackers to exploit hash tables to perform a denial-of-service (DoS) attack against a website built with Microsoft's ASP.NET application framework.

Usually, DoS attacks require thousands of computers (often malware-controlled systems in a botnet) to overwhelm a site with requests. However, this flaw would allow an attacker to cripple a vulnerable site by sending a certain type of HTTP request. Each such request would consume 100% of one CPU core, so sending several of them could easily devour all of a server's processing resources.

"Attacks targeting this type of vulnerability are generically known as hash collision attacks," the company said, adding that the hole is not specific to Microsoft's Web services, as it affects PHP 5, Java, .NET, V8 and, to some extent, PHP 4, Ruby and Python. The folks behind those platforms are expected to issue similar updates in the near future, but the holidays will undoubtedly delay that process.
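As an added illustration (not from the article or from Microsoft's bulletin), the sketch below uses a toy chained hash table to show why keys that all land in one bucket turn insertion into quadratic work, and how two common mitigations, a keyed hash and a cap on keys per request, bound that cost. The hash functions, bucket count, key cap and sample keys are assumptions constructed for the example.

```python
import hashlib
import itertools
import os

BUCKETS = 1024  # assumed table size for the toy example

def weak_hash(key, secret=b""):
    """Toy unkeyed hash (byte sum): every permutation of a key collides."""
    return sum(key.encode()) % BUCKETS

def keyed_hash(key, secret):
    """Keyed hash: without the per-process secret, collisions cannot be precomputed."""
    digest = hashlib.blake2b(key.encode(), key=secret, digest_size=8).digest()
    return int.from_bytes(digest, "big") % BUCKETS

def insert_cost(keys, hash_fn, secret=b""):
    """Insert keys into a chained hash table and count the key comparisons made."""
    table = [[] for _ in range(BUCKETS)]
    comparisons = 0
    for key in keys:
        chain = table[hash_fn(key, secret)]
        for existing in chain:
            comparisons += 1
            if existing == key:
                break
        else:
            chain.append(key)  # key not present yet: append to the bucket's chain
    return comparisons

def check_key_count(keys, max_keys=1000):
    """Reject a request carrying more keys than the (assumed) cap allows."""
    if len(keys) > max_keys:
        raise ValueError(f"{len(keys)} keys exceeds limit of {max_keys}")
    return len(keys)

# Constructed sample input: the 720 permutations of "abcdef" share one byte sum.
COLLIDING_KEYS = ["".join(p) for p in itertools.permutations("abcdef")]

if __name__ == "__main__":
    secret = os.urandom(16)  # fresh secret per process
    print("weak hash :", insert_cost(COLLIDING_KEYS, weak_hash))
    print("keyed hash:", insert_cost(COLLIDING_KEYS, keyed_hash, secret))
    print("keys ok   :", check_key_count(COLLIDING_KEYS))
```

With the unkeyed hash the comparison count grows with the square of the number of keys, which is what pins a CPU core; with the keyed hash the same input spreads across buckets and the count stays close to linear.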

It's worth noting that this vulnerability isn't new. It was discovered as far back as 2003, around which time Perl and CRuby made some changes to thwart such attacks. Microsoft's patch has already rolled out on Windows Update for Windows XP, Server 2003, Vista, Server 2008, 7, and Server 2008 R2. On the bright side, the company's Security Bulletin page doesn't mention a mandatory reboot.

User Comments (17)

Nima304
on December 29, 2011
5:08 PM

Interesting.

Gars
on December 29, 2011
5:20 PM

hm

logged just to say that today got some unusual lockups like:

- foobar

- utorrent

- mpc

before that I've experienced a sound glitch

something like "high voltage" + "punk, you get it"

for now, things r common

hahahanoobs
on December 29, 2011
5:58 PM

Funny I should see this after logging into my hotmail account about 20mins ago, and given a mandatory account password change, for someone else using my account. Sure enough in the sent box were eight addresses I didn't recognize, sent in the past couple weeks, with the only activity before that being in 2009.

Guest
on December 29, 2011
9:13 PM

Recently I downloaded Explorer 9 and ever since I have been having problems viewing some video sites. For example, if I bring up MSN and want to watch a news video I can hear the sounds but the picture isn't there or it is just bits and pieces like tile. I can view videos of YouTube but on many internet chat sites I can't see what I am typing. Does anyone have an idea of what's wrong? Before downloading, Explorer 7 worked fine. Thanks.

Guest
on December 29, 2011
9:34 PM

Guest, your fault is using Internet Explorer in the first place. Don't you know there are a hell of a lot more secure and faster alternatives to Internet Explorer?

Guest
on December 30, 2011
2:31 AM

You still use IE?

bigceebin4
on December 30, 2011
7:10 AM

I have W7 on one machine and WHS 2011 on another (in the same office). I have been simultaneously updating them the past few days. I rely on ASP.NET quite a bit, and all the updates have referenced .NET or some security patch.

And please use Chrome..

Guest
on December 30, 2011
8:02 AM

I have installed this on a few servers, the majority did not require a reboot however one did. Overall a quick patch install without any problems.

jtennison
on December 30, 2011
9:09 AM

"... Security Bulletin page doesn't mention a mandatory reboot"

It required a reboot on my Win7-SP1 system!

superty12
on December 30, 2011
10:24 AM

No surprise that this is how Microsoft welcomes a new year...

Guest
on December 30, 2011
11:09 AM

Why use IE? What has it done for you?

Dannyk0ed
on December 30, 2011
12:01 PM

IE was great, but then Firefox came along.

Matthew
on December 30, 2011
12:35 PM

jtennison said:

"... Security Bulletin page doesn't mention a mandatory reboot"

It required a reboot on my Win7-SP1 system!

I didn't have to reboot on Win7 Home Premium x64.

Guest
on December 30, 2011
12:38 PM

4 different machines--all WIN7.

No reboot.

Guest
on December 31, 2011
2:11 AM

Ditto no reboot.

gobbybobby
on December 31, 2011
5:45 AM

Check for updates but don't install. Win 7 64 bit. No updates in the last week, at all. I don't use IE tho. Did a fresh install on another machine and I'm pretty sure this update was in there. My Windows Update on this machine says everything up to date, which is odd; looking at the update history it's not on there... (Same version of Windows)

fpsgamerJR62
on January 3, 2012
7:00 AM

At least the guys at Microsoft didn't go home early for the holidays. This patch is most appreciated.
