Microsoft Releases Update for DoS Flaw in .NET Core

Customers are advised to install the latest version of PowerShell to fully address CVE-2020-1108.

Dark Reading Staff, Dark Reading

June 16, 2020

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Last week Microsoft published a revision to CVE-2020-1108, a denial-of-service (DoS) vulnerability in the .NET Core and .NET Framework. To fully address the flaw, the company released updates for PowerShell Core 6.2 and PowerShell 7.0, according to an email advisory sent on June 11.

A DoS bug exists when .NET Core or .NET Framework improperly handles Web requests. An attacker who successfully exploited this could launch a DoS against a .NET Core or .NET Framework Web applications, Microsoft explains. The flaw can be exploited without authentication by an attacker who sends specially crafted requests to the targeted app.

CVE-2020-1108 addresses the flaw by adjusting how the .NET Core or .NET Framework Web application handles Web requests. The vulnerability had not been publicly shared or exploited prior to its initial disclosure last month, and Microsoft considers "exploitation less likely." Still, users are advised to install the latest version of PowerShell to be fully protected from attack.

Read more details here.

VIRTUALSUMMIT_DR20_320x50.jpg

 

 

 

 

 

 

Learn from industry experts in a setting that is conducive to interaction and conversation about how to prepare for that "really bad day" in cybersecurity. Click for more information and to register

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights