CYBER NEWS

CVE-2020-1108: New .NET Core Update Addresses Critical DoS Flaw

Microsoft has released a security update in the .NET core system which fixes the CVE-2020-1108 issue detected in the framework. This was a critical problem that resulted in the ability to conduct Denial of Service (DoS) attacks which can be used to sabotage computer networks.




Related:
A new security report indicates that the KingMiner crypto-mining operation is back in the game with new attacks against MSSQL (Microsoft SQL) databases.
KingMiner Is Back in New Attacks against MSSQL Servers

Microsoft Patches the .NET Core Library To Address The CVE-2020-1108 Vulnerability

The .NET Core has been updated by the Microsoft Security team as a very dangerous flaw has been identified in it. The issue has been documented in the CVE-2020-1108 advisory. According to the description the core of the problem involves the way the .NET Core and Framework modules handle web requests. Unpatched systems can be exploited remotely without authentication from the hackers end. This can be done by creating special crafted packet requests which will trigger the reaction.

An example attack behavior can be the discovery of such older installations of the .NET Core and .NET frameworks. This is very easy as the hackers can insert the relevant filters looking out for code prepared for web applications. When they have launch their respective toolkits a report will be generated indicating the vulnerable sites. Common examples of complex .NET framework web applications and services include the following:

  • Cloud Based CRM Systems
  • Collaborative Online Tools
  • Social Networks and Online Communities
  • Productivity Tools
Related:
June 2020 Patch Tuesday includes fixes for LNK, SMB, SharePoint, and Win32k vulnerabilities, of which only 11 were rated critical.
June 2020 Patch Tuesday: Biggest Update in the History of Microsoft

The severity is rated as important as it affects applications that are based on the .NET framework. It is one of the most important and frequently used ways to create an application for the Microsoft Windows family of operating systems.

Developers of .NET products should pay extra attention as most of them usually install several different packages of the framework. If they have multiple version of the .NET Core placed on their workstations they will need to install several runtime updates, so that all environments will fix the issue.

Avatar

Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

More Posts - Website

Follow Me:
TwitterGoogle Plus

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...