/>
X
Innovation

SANS gives ASP.NET denial of service warning

IT professionals should apply a Microsoft patch for ASP.NET vulnerabilities as soon as possible, following the publication of proof-of-concept denial-of-service code, security training organisation SANS Institute has said.
Written by Tom Espiner, Contributor on

IT professionals should apply a Microsoft patch for ASP.NET vulnerabilities as soon as possible, following the publication of proof-of-concept denial-of-service code, security training organisation SANS Institute has said.

"If you have not patched yet for vulnerability MS11-100 you might want to do it ASAP, because the DoS [denial-of-service] PoC [proof-of-concept] exploit for this vulnerability has been published two days ago," SANS incident handler Manuel Humberto Santander Peláez said in a blog post on Monday.

Microsoft patched flaws in the ASP.NET web application framework in an out-of-band patch on Friday. The proof-of-concept denial-of-service code was publicised on the Full Disclosure mailing list on Friday.

The PoC code comes in two different file sizes, according to Trustwave SpiderLabs, and works with a payload of a large number of random parameter names.

Editorial standards