CyberSecurity news
@www.bleepingcomputer.com
Microsoft is warning of code injection attacks that leverage publicly exposed ASP.NET machine keys. In December 2024, Microsoft Threat Intelligence observed attackers using publicly available ASP.NET machine keys to inject malicious code and deliver the Godzilla post-exploitation framework. Machine keys are designed to protect ViewState from tampering, but developers have been found incorporating keys copied from public resources such as code documentation and repositories. This has enabled attackers to perform malicious actions on targeted servers through ViewState code injection attacks.
Microsoft has identified over 3,000 leaked ASP.NET keys that could be used in these attacks. These publicly disclosed keys pose a higher risk than the compromised or stolen keys previously sold on dark web forums, because they are readily available in multiple code repositories and may have been integrated into development code without modification. Microsoft recommends that organizations avoid copying keys from public sources and regularly rotate their keys.
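To act on that recommendation, the following added example (not code from Microsoft's report or the cited articles) audits a web.config for static `<machineKey>` values and checks each against a set of SHA-256 digests of known-public keys. The sample key, the sample configs and the hash set are constructed placeholders; a real digest list is assumed to come from a vetted source.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample key (not a real leaked key) and the digest set built from it.
# Assumption: in practice KNOWN_PUBLIC_HASHES is loaded from a vetted list.
SAMPLE_PUBLIC_KEY = "0123456789ABCDEF" * 8
KNOWN_PUBLIC_HASHES = {hashlib.sha256(SAMPLE_PUBLIC_KEY.encode()).hexdigest()}

# Constructed web.config samples: one with a copied key, one auto-generated.
COPIED_CONFIG = (
    '<configuration><system.web>'
    '<machineKey validationKey="' + SAMPLE_PUBLIC_KEY.lower() + '" '
    'decryptionKey="' + "AB" * 24 + '" validation="SHA1" decryption="AES" />'
    '</system.web></configuration>'
)
AUTO_CONFIG = (
    '<configuration><system.web>'
    '<machineKey validationKey="AutoGenerate,IsolateApps" '
    'decryptionKey="AutoGenerate,IsolateApps" />'
    '</system.web></configuration>'
)

def is_static(value):
    """A key is static when it is a literal value rather than AutoGenerate."""
    return bool(value) and not value.strip().lower().startswith("autogenerate")

def audit_machine_keys(config_xml, known_hashes=KNOWN_PUBLIC_HASHES):
    """Return one finding per static key attribute found in a web.config string.

    Findings never contain the key material itself, only its classification.
    """
    findings = []
    for elem in ET.fromstring(config_xml).iter("machineKey"):
        for attr in ("validationKey", "decryptionKey"):
            value = elem.get(attr, "")
            if not is_static(value):
                continue
            # Normalise case so the same hex key matches however it was pasted.
            digest = hashlib.sha256(value.strip().upper().encode()).hexdigest()
            findings.append({
                "attribute": attr,
                "publicly_known": digest in known_hashes,
            })
    return findings

if __name__ == "__main__":
    for name, cfg in (("copied", COPIED_CONFIG), ("auto", AUTO_CONFIG)):
        print(name, audit_machine_keys(cfg))
```

A `publicly_known` finding means the key should be replaced with a freshly generated one; any other static key is still a candidate for the regular rotation Microsoft recommends.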
References:
- The Hacker News: The Hacker News reports on Microsoft identifying thousands of leaked ASP.NET keys.
- www.bleepingcomputer.com: BleepingComputer reports on Microsoft warning about attackers deploying malware using exposed ASP.NET keys.
- www.helpnetsecurity.com: HelpNetSecurity covers the attack that compromised IIS servers by using exposed ASP.NET machine keys.
- www.microsoft.com: Microsoft's security blog details code injection attacks using publicly disclosed ASP.NET machine keys.
- BleepingComputer: Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP.NET machine keys found online.
- Microsoft: In December 2024, Microsoft Threat Intelligence observed limited activity by an unattributed threat actor using a publicly available, static ASP.NET machine key to inject malicious code and deliver the Godzilla post-exploitation framework.
- Help Net Security: Attackers compromise IIS servers by leveraging exposed ASP.NET machine keys
- cyberinsider.com: Microsoft Threat Intelligence has identified a security risk involving publicly available ASP.NET machine keys, which have been exploited in code injection attacks.
- gbhackers.com: Hackers exploit ASP.NET machine keys to hack IIS web servers remotely
- Virus Bulletin: Microsoft researchers observed limited activity by an unattributed threat actor using a publicly available static ASP.NET machine key to inject malicious code and deliver the Godzilla post-exploitation framework.
- securityaffairs.com: Attackers used a public ASP.NET machine to conduct ViewState code injection attacks
- CyberInsider: Microsoft warns of code injection via exposed ASP.NET keys
- Thomas Roccia: New Microsoft Threat Report: "ViewState Code Injection Attacks Using Publicly Disclosed ASP.NET Machine Keys". I wanted to understand more deeply how the attack works, so I created a detailed overview. Hope that helps.
- Techmeme: Techmeme post about Microsoft warning on attackers injecting malware into ViewState.
- Blog: Threat actors observed using exposed ASP.NET keys to deploy malware
Classification:
- HashTags: #Microsoft #ASPNET #CodeInjection
- Company: Microsoft
- Target: IIS Servers
- Product: ASP.NET
- Feature: ViewState
- Malware: Godzilla
- Type: Malware
- Severity: Medium