Recent Security Vulnerability within ASP.NET

September 21st, 2010 by Chris Lahey

Recently, a vulnerablity in the .NET framework was exposed. The attack exploits the security measures behind encrypted “cookies” in an attempt to gain knowledge that will allow the attacker to better decrypt the cookies. If enough information is gained, the attackers can potentially gain access to protected files and information stored within your site.

The details of it all are a bit technical, and we strongly urge you to stay up to date on Microsoft’s advisory site.  While there is no patch to the .NET framework released by Microsoft yet, there is a work around that will inhibit the attackers and prevent them from learning more about how your web server encrypts files and cookies.

At Station Four, we understand that many of you who are our clients are unaware of the technology that your web sites and applications are using. For our clients who’s websites we host, we have completed an internal audit and will be notifying you individually to inform you of the vulnerability and our plans to ensure your safety.