Microsoft hustled to release a security patch to address a flaw in its popular Web development framework that had been demonstrated to function as a tool to break server encryption.
The software giant had alerted users that it would be issuing the out-of-band patch ahead of its regular monthly patch cycle, advising immediate installation of the fix for the ASP.NET flaw, which the company said affected users of Windows XP, Windows Vista, Windows 7, Windows Server 2003 and 2008 and Windows Server 2008 R2. eSecurity Planet has the details.
As promised, Microsoft shipped an out-of-band patch Tuesday to fix a zero-day security flaw in a company-originated technology that is popularly used for Web applications — a flaw that has already seen “limited, targeted attacks” in the wild.
Microsoft (NASDAQ: MSFT) first acknowledged about ten days ago the bug that can be used to crack server encryption after two researchers disclosed details of how to exploit it at a security convention in Buenos Aires, Argentina. The company said at that time that it had a patch already in the works.