Critical Remote Code Execution Flaw Addressed in .NET Framework

The April 2012 security updates from Microsoft address a number of vulnerabilities, among which a critical remote code execution issue in the .NET Framework. The security hole could allow an attacker to remotely execute arbitrary code.

The flaw can be exploited if the attacker can convince the victim to open a specially designed webpage in a browser that supports XAML Browser applications (XBAP).

While accounts with less privileges are not severely impacted, servers that run IIS and allow the processing of ASP.NET pages are susceptible to attacks in the scenario in which the attacker succeeds in uploading and executing a malicious ASP.NET to the targeted system.

Furthermore, the weakness can be leveraged to bypass Code Access Security (CAS) restrictions.

The most dangerous scenario in which this vulnerability is exploited is represented by drive-by attacks. A cybercriminal can place malevolent scripts on compromised websites to exploit this vulnerability.

On one hand, the cybercrook must rely on social engineering to launch these attacks because internauts can’t be forced to visit the compromised websites. On the other hand, it’s well known that spam emails or messages posted on social media networks usually bring good results for those who initiate such campaigns.

Microsoft is confident that the security hole won’t be exploited in the wild because of the security warning, but it's almost certain that a working proof-of-concept will be released in the next 30 days.

Also, for some systems, the XBAP issue has been addressed some while ago.

“The good news is that a zero-click “driveby” style attack is no longer possible from the Internet on workstations where MS11-044 (published June 2011) has been installed. MS11-044 introduced an additional security prompt for all XBAP’s encountered from the Internet Zone,” Jonathan Ness from MSRC Engineering wrote.

Except Microsoft .NET Framework 3.0 SP2 and .NET Framework 3.5 SP1 customers, who are not affected by the vulnerability, users are advised to immediately apply the updates.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.