/>
X
Innovation
Home Innovation Security

SANS gives ASP.NET denial of service warning

IT professionals should apply a Microsoft patch for ASP.NET vulnerabilities as soon as possible, following the publication of proof-of-concept denial-of-service code, security training organisation SANS Institute has said.
Written by Tom Espiner, Contributor on

IT professionals should apply a Microsoft patch for ASP.NET vulnerabilities as soon as possible, following the publication of proof-of-concept denial-of-service code, security training organisation SANS Institute has said.

"If you have not patched yet for vulnerability MS11-100 you might want to do it ASAP, because the DoS [denial-of-service] PoC [proof-of-concept] exploit for this vulnerability has been published two days ago," SANS incident handler Manuel Humberto Santander Peláez said in a blog post on Monday.

Microsoft patched flaws in the ASP.NET web application framework in an out-of-band patch on Friday. The proof-of-concept denial-of-service code was publicised on the Full Disclosure mailing list on Friday.

The PoC code comes in two different file sizes, according to Trustwave SpiderLabs, and works with a payload of a large number of random parameter names.

Editorial standards
Show Comments

Related

three-people-having-a-discussion-in-front-of-a-computer-in-an-office

Microsoft: We are tracking these 100 active ransomware gangs using 50 types of malware

data-center-working

Microsoft warning: Protect this critical piece of your tech infrastructure

shutterstock-608208689.jpg

Microsoft: This new browser feature is 'huge step forward' against zero-day threats