Microsoft Warns of Malware Exploiting Exposed ASP.NET Keys
/ 1 min read
🗝️ Microsoft warns of malware attacks exploiting exposed ASP.NET machine keys. Microsoft Threat Intelligence has identified that attackers are leveraging publicly available ASP.NET machine keys to execute ViewState code injection attacks, which can lead to remote code execution on targeted IIS web servers. These keys, often found in code documentation and repositories, allow attackers to craft malicious payloads that the ASP.NET Runtime unwittingly executes. Microsoft has discovered over 3,000 such keys and advises developers to securely generate their machine keys, avoid using default or publicly disclosed keys, and implement security measures like encrypting sensitive elements in their applications. The company also emphasizes the need for thorough investigations and potential reinstallation of compromised servers to mitigate risks.
