Technology content trusted in North America and globally since 1999
8,398 Reviews & Articles | 64,190 News Posts

Microsoft release an emergency Windows 7 update, just before the end of the year

Microsoft issues an update to Windows, fixes a vulnerability in the .NET Framework
By Anthony Garreffa from Dec 30, 2011 @ 5:21 CST

Microsoft have released a rare out-of-band update to fix a vulnerability in the .NET Framework. The update comes weeks before the next regularly scheduled "Patch Tuesday" in mid-January, and addresses a flaw that could allow attackers to exploit hash tables to perform a denial-of-service (DoS) attack against a website built with Microsoft's ASP.NET application framework.

microsoft_release_an_emergency_windows_7_update_just_before_the_end_of_the_year_01

DoS attacks usually require thousands of malware-controlled systems in a botnet to overwhelm a site with requests. This opening would allow an attacker to cripple a vulnerable site by sending a certain type of HTTP request. Each of these requests would consume 100-percent of one CPU core. As you can imagine, the more of these requests, the more CPU power that is zapped away.

Microsoft says "Attacks targeting this type of vulnerability are generically known as hash collision attacks." They also added that the problem is not specific to Microsoft's Web services as it affects PHP 5, Java, .NET, v8 and even PHP 4, Ruby and Python. The people behind these platforms will release updates soon, but the holidays will dampen these efforts.

NEWS SOURCES:Techspot.com


Related Tags