Microsoft has released a security update in the .NET core system which fixes the CVE-2020-1108 issue detected in the framework. This was a critical problem that resulted in the ability to conduct Denial of Service (DoS) attacks which can be used to sabotage computer networks.
Microsoft Patches the .NET Core Library To Address The CVE-2020-1108 Vulnerability
The .NET Core has been updated by the Microsoft Security team as a very dangerous flaw has been identified in it. The issue has been documented in the CVE-2020-1108 advisory. According to the description the core of the problem involves the way the .NET Core and Framework modules handle web requests. Unpatched systems can be exploited remotely without authentication from the hackers end. This can be done by creating special crafted packet requests which will trigger the reaction.
An example attack behavior can be the discovery of such older installations of the .NET Core and .NET frameworks. This is very easy as the hackers can insert the relevant filters looking out for code prepared for web applications. When they have launch their respective toolkits a report will be generated indicating the vulnerable sites. Common examples of complex .NET framework web applications and services include the following:
- Cloud Based CRM Systems
- Collaborative Online Tools
- Social Networks and Online Communities
- Productivity Tools
The severity is rated as important as it affects applications that are based on the .NET framework. It is one of the most important and frequently used ways to create an application for the Microsoft Windows family of operating systems.
Developers of .NET products should pay extra attention as most of them usually install several different packages of the framework. If they have multiple version of the .NET Core placed on their workstations they will need to install several runtime updates, so that all environments will fix the issue.