(LiveHacking.Com) – Microsoft has released a “Critical” out-of-band update for .NET which fixes an elevation of privilege vulnerability in .NET across all supported versions of Windows. Microsoft’s prime reason for releasing the update was to address the newly disclosed denial-of-service vulnerability affecting a range of Web development languages including Microsoft’s ASP.NET, however the update also included fixes which were already committed to the code base.
Before details of the hash table collision denial-of-service vulnerability were released, Microsoft had planned to release a .NET security update addressing three vulnerabilities, one of which was a Critical elevation of privilege vulnerability. Once they received the notification about the elevation of privilege vulnerability the ASP.NET team fixed it and tested it ready for the next security update. Therefore the hash table collision update includes the already committed privilege elevation.
The elevation of privilege vulnerability, which was privately reported to Microsoft, is exploited when an unauthenticated attacker sends a specially crafted web request to the target site. If successful the attacker can take any action in the context of an existing account on the ASP.NET site, including executing arbitrary commands. However to exploit this vulnerability, an attacker must be able to register an account on the ASP.NET site, and must know an existing user name. The fix changes the way the .NET Framework handles specially crafted requests, and how the ASP.NET Framework authenticates users and handles cached content.
This security update is rated Critical for Microsoft .NET Framework 1.1 Service Pack 1, Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5 Service Pack 1, Microsoft .NET Framework 3.5.1, and Microsoft .NET Framework 4 on all supported editions of Microsoft Windows.