News

Microsoft issues emergency patch for Windows Web bug

Microsoft has delivered an emergency patch for a Windows Web server flaw that is being actively exploited by hackers.

The patch addresses a vulnerability in ASP.Net's encryption that would allow attackers to access Web applications with full administrator rights; decrypt session cookies or other encrypted data on a remote server; and access files from sites or Web applications. The affected audience will be mostly large companies and ISPs; the average individual user is typically not vulnerable to attack since few run a Web server.

Microsoft has released the update only to its download center, where customers must retrieve and install it manually. It will be released through Windows Update at a later time.