informa
/
Vulnerabilities/Threats
Quick Hits

Microsoft Releases Update for DoS Flaw in .NET Core

Customers are advised to install the latest version of PowerShell to fully address CVE-2020-1108.

Last week Microsoft published a revision to CVE-2020-1108, a denial-of-service (DoS) vulnerability in the .NET Core and .NET Framework. To fully address the flaw, the company released updates for PowerShell Core 6.2 and PowerShell 7.0, according to an email advisory sent on June 11.

A DoS bug exists when .NET Core or .NET Framework improperly handles Web requests. An attacker who successfully exploited this could launch a DoS against a .NET Core or .NET Framework Web applications, Microsoft explains. The flaw can be exploited without authentication by an attacker who sends specially crafted requests to the targeted app.

CVE-2020-1108 addresses the flaw by adjusting how the .NET Core or .NET Framework Web application handles Web requests. The vulnerability had not been publicly shared or exploited prior to its initial disclosure last month, and Microsoft considers "exploitation less likely." Still, users are advised to install the latest version of PowerShell to be fully protected from attack.

Read more details here.

VIRTUALSUMMIT_DR20_320x50.jpg
 
 
 
 
 
 
Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register

Recommended Reading:
Editors' Choice
Kirsten Powell, Senior Manager for Security & Risk Management at Adobe
Joshua Goldfarb, Director of Product Management at F5