Microsoft has issued a warning to developers about the risks associated with publicly available ASP.NET machine keys, which hackers are using to execute malware attacks, particularly through ViewState code injection. These keys, meant for protecting ViewState security, are being misused due to their availability online, increasing the attack surface for malicious actors. Microsoft recommends developers to create secure, unique keys and to implement additional security measures, including encryption of sensitive data and upgrades to the latest ASP.NET versions to mitigate these threats.
According to Microsoft, hackers are exploiting over 3000 publicly available ASP.NET keys for malware attacks through ViewState code injection, significantly increasing the attack surface.
Microsoft emphasizes the importance of generating unique keys securely and advises developers against utilizing default keys found online, as these pose significant risks.
Collection
[
|
...
]