Other important vulnerabilities are also addressed in this release

Dec 30, 2011 06:44 GMT

Microsoft rushed to release an out-of-band security update to resolve a denial-of-service (DoS) issue that affected ASP.NET versions 1.1 and later on all supported variants of the .NET framework. A large number of web platforms are affected by the hash collision problem, but the Redmond company was among the first to act on it.

The MS11-100 security bulletin fixes a vulnerability in the way ASP.NET hashes specially crafted requests. The hash collisions that occur when malicious data is inserted into hash tables could overwhelm a server’s CPU, resulting in a DoS condition.
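To make the CPU cost concrete, the following added example (not from Microsoft or the original article) counts key comparisons when request keys are inserted into a chained hash table, first with a well-distributed hash and then with every key in one bucket, and shows how a cap on keys per request bounds the worst case. The table layout, both hash functions, the `MAX_KEYS` value and the cap itself are assumptions of the example; the article does not describe how ASP.NET or the update work internally.

```python
import hashlib

BUCKETS = 1024
MAX_KEYS = 1000  # assumed per-request cap on form keys (illustrative value)


def spread_hash(key):
    """Well-distributed bucket index (SHA-256 based, chosen for the example)."""
    digest = hashlib.sha256(key.encode()).digest()
    return int.from_bytes(digest[:4], "big") % BUCKETS


def worst_case_hash(key):
    """Models a request whose keys all land in the same bucket."""
    return 0


def insert_cost(keys, hash_fn):
    """Insert keys into a chained hash table; return key comparisons made."""
    table = [[] for _ in range(BUCKETS)]
    comparisons = 0
    for key in keys:
        chain = table[hash_fn(key)]
        for existing in chain:  # duplicate check walks the chain
            comparisons += 1
            if existing == key:
                break
        else:
            chain.append(key)
    return comparisons


def parse_form(keys, hash_fn, max_keys=MAX_KEYS):
    """Reject oversized requests before any key is hashed."""
    if len(keys) > max_keys:
        raise ValueError(f"{len(keys)} form keys exceeds cap of {max_keys}")
    return insert_cost(keys, hash_fn)


if __name__ == "__main__":
    keys = [f"field{i}" for i in range(3000)]  # constructed sample input
    print("spread hash     :", insert_cost(keys, spread_hash))
    print("single bucket   :", insert_cost(keys, worst_case_hash))  # n(n-1)/2
    print("capped, 1000 key:", parse_form(keys[:MAX_KEYS], worst_case_hash))
    try:
        parse_form(keys, worst_case_hash)
    except ValueError as err:
        print("rejected        :", err)
```

With all keys in one bucket the work grows with the square of the key count, so the cap turns an unbounded cost into a fixed ceiling per request.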

Besides this, other weaknesses are resolved in the latest security update.

A spoofing vulnerability in the way return URLs are verified during the forms authentication process could be used to launch a phishing attack. By exploiting this flaw, an attacker is able to redirect a user to a malicious website that’s cleverly set up to obtain private information.

An authentication bypass vulnerability that exists in ASP.NET forms is more difficult to exploit, but an attacker who manages to register an account on the application and knows the name of the targeted account could use a special web request to initiate any action, including code execution, using the targeted account.

Finally, an authentication ticket caching weakness allows a cybercriminal to execute arbitrary code because of the way cached content is handled by the framework when Forms Authentication is used with sliding expiry.

With the help of some social engineering, an attacker could send a specially crafted link to potential victims who have elevated privileges.

Microsoft is not aware of any attacks taking place in the wild using these vulnerabilities, but to prevent any unfortunate incidents, users are advised to install the update.

Other web programming language and platform vendors are also working on addressing the hash collision issues, and until permanent solutions are out, clever workarounds have been proposed.