Kevin Beaumont on Nostr: Microsoft released a blog this week which I don’t think people have fully ...
Microsoft released a blog this week which I don’t think people have fully understood the implications of, but it’s great research and a great attack by the threat actor.
I think it’s highly likely multiple threat actors will now jump on this; it’s even automatable.
The attack:
1) take a web.config file. They’re really easy to find.
2) POST request to RCE in IIS
The architecture of .NET means this is surprisingly easy to do and you don’t patch your way out of it.
https://www.microsoft.com/en-us/security/blog/2025/02/06/code-injection-attacks-using-publicly-disclosed-asp-net-machine-keys/
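
A defender-side check for the exposure described in the post, as an added example that is not part of the original post or Microsoft's blog: it flags `<machineKey>` elements in web.config that carry a literal key instead of the AutoGenerate default. The sample configs, placeholder key strings, and the function names `audit_machine_keys` and `scan_tree` are constructed for illustration.

```python
import os
import xml.etree.ElementTree as ET

# Constructed samples; the key strings are placeholders, not real key material.
STATIC = """<configuration><system.web>
  <machineKey validationKey="PLACEHOLDER_VALIDATION_KEY"
              decryptionKey="PLACEHOLDER_DECRYPTION_KEY" validation="SHA1" />
</system.web></configuration>"""
AUTO = """<configuration><system.web>
  <machineKey validationKey="AutoGenerate,IsolateApps" />
</system.web></configuration>"""
ENCRYPTED = """<configuration><location path="admin"><system.web>
  <machineKey configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData>PLACEHOLDER</EncryptedData>
  </machineKey>
</system.web></location></configuration>"""


def audit_machine_keys(xml_text):
    """Return (attribute, status) findings for every <machineKey> element."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return [("file", "unparseable")]  # review by hand rather than skip
    findings = []
    for elem in root.iter("machineKey"):  # also matches inside <location>
        if elem.get("configProtectionProvider"):
            # Encrypted section: contents are not readable here, review manually.
            findings.append(("machineKey", "encrypted-section"))
            continue
        for attr in ("validationKey", "decryptionKey"):
            value = elem.get(attr)
            # A missing attribute falls back to the AutoGenerate default.
            if value and not value.strip().lower().startswith("autogenerate"):
                findings.append((attr, "static"))  # key value is never echoed
    return findings


def scan_tree(top):
    """Yield (path, findings) for each web.config under `top` with findings."""
    for folder, _dirs, files in os.walk(top):
        for name in files:
            if name.lower() == "web.config":
                path = os.path.join(folder, name)
                with open(path, encoding="utf-8-sig", errors="replace") as fh:
                    findings = audit_machine_keys(fh.read())
                if findings:
                    yield path, findings
```

A `static` finding means the key is fixed in the file; whether it matches a publicly disclosed key still has to be checked separately.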