Microsoft Warns of ViewState Code Injection Attacks
🦠👾 Microsoft warns of ViewState code injection attacks that exploit publicly disclosed ASP.NET machine keys. In December 2024, Microsoft Threat Intelligence identified a threat actor using a publicly available ASP.NET machine key to execute a ViewState code injection attack that delivered the Godzilla post-exploitation framework. Over 3,000 publicly disclosed keys have been found, which raises concern because attackers can easily obtain and misuse them. Microsoft advises organizations to avoid using publicly available keys, regularly rotate their machine keys, and utilize Microsoft Defender for Endpoint for detection. Microsoft's blog outlines the nature of ViewState attacks, remediation steps, and best practices for securing machine keys to mitigate the risks associated with disclosed keys.
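The advice to avoid publicly available keys can be checked per site by inspecting the `<machineKey>` element in `web.config`. The following audit is an added example, not code from Microsoft or from the original post; the sample key, the sample configuration and the locally kept digest set `DISCLOSED_SHA256` are constructed assumptions.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed stand-in for a key copied from public documentation or a repository.
SAMPLE_PUBLIC_KEY = "0123456789ABCDEF" * 4
# Assumption: the defender keeps SHA-256 digests of known public keys, not the keys.
DISCLOSED_SHA256 = {hashlib.sha256(SAMPLE_PUBLIC_KEY.encode()).hexdigest()}

# Constructed web.config fragment with a hard-coded validation key.
SAMPLE_WEB_CONFIG = f"""<configuration>
  <system.web>
    <machineKey validationKey="{SAMPLE_PUBLIC_KEY}"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""


def audit_machine_key(web_config_xml):
    """Return (attribute, verdict) pairs for keys stored in <machineKey>."""
    findings = []
    for element in ET.fromstring(web_config_xml).iter():
        # Ignore an XML namespace prefix on the tag, if the file declares one.
        if element.tag.rsplit("}", 1)[-1] != "machineKey":
            continue
        for attr in ("validationKey", "decryptionKey"):
            value = element.get(attr, "AutoGenerate").strip()
            # AutoGenerate (optionally ",IsolateApps") stores no key in the file.
            if value.split(",")[0].strip().lower() == "autogenerate":
                continue
            digest = hashlib.sha256(value.upper().encode()).hexdigest()
            verdict = "publicly-disclosed" if digest in DISCLOSED_SHA256 else "static"
            findings.append((attr, verdict))
    return findings


if __name__ == "__main__":
    for attr, verdict in audit_machine_key(SAMPLE_WEB_CONFIG):
        print(f"{attr}: {verdict}")
```

A `publicly-disclosed` verdict means the key should be replaced immediately; a `static` verdict means the key is stored in the file and should be confirmed unique to the site and included in regular rotation.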
