Home > Cyber News > CVE-2020-1108: New .NET Core Update Addresses Critical DoS Flaw
CYBER NEWS

CVE-2020-1108: New .NET Core Update Addresses Critical DoS Flaw

Microsoft has released a security update in the .NET core system which fixes the CVE-2020-1108 issue detected in the framework. This was a critical problem that resulted in the ability to conduct Denial of Service (DoS) attacks which can be used to sabotage computer networks.




Related: [wplinkpreview url=”https://sensorstechforum.com/kingminer-attacks-mssql-servers/”]KingMiner Is Back in New Attacks against MSSQL Servers

Microsoft Patches the .NET Core Library To Address The CVE-2020-1108 Vulnerability

The .NET Core has been updated by the Microsoft Security team as a very dangerous flaw has been identified in it. The issue has been documented in the CVE-2020-1108 advisory. According to the description the core of the problem involves the way the .NET Core and Framework modules handle web requests. Unpatched systems can be exploited remotely without authentication from the hackers end. This can be done by creating special crafted packet requests which will trigger the reaction.

An example attack behavior can be the discovery of such older installations of the .NET Core and .NET frameworks. This is very easy as the hackers can insert the relevant filters looking out for code prepared for web applications. When they have launch their respective toolkits a report will be generated indicating the vulnerable sites. Common examples of complex .NET framework web applications and services include the following:

  • Cloud Based CRM Systems
  • Collaborative Online Tools
  • Social Networks and Online Communities
  • Productivity Tools
Related: [wplinkpreview url=”https://sensorstechforum.com/june-2020-patch-tuesday/”]June 2020 Patch Tuesday: Biggest Update in the History of Microsoft

The severity is rated as important as it affects applications that are based on the .NET framework. It is one of the most important and frequently used ways to create an application for the Microsoft Windows family of operating systems.

Developers of .NET products should pay extra attention as most of them usually install several different packages of the framework. If they have multiple version of the .NET Core placed on their workstations they will need to install several runtime updates, so that all environments will fix the issue.

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree