On October 9th, Microsoft said that they were currently investigating for security vulnerabilities in ASP.NET reported before. It is reported that the security vulnerability allows hackers to bypass the security settings of the web server to view sensitive information on the server. A few days ago, Microsoft has provided how to enable business to avoid hacker attacks on its website, but no patches have been provided. It is reported that the security leak is present in the "Canonicalization Routine" component of ASP.NET. Hackers can use the vulnerability by creating a URL, thus bypassing Windows system verification. As is well known, ASP.NET is the latest version of Microsoft ASP technology, which allows developers to create web applications by embedding various small programs. These applets can be written in languages such as VB, Perl and C #. And "Canonicalization Routine components are used to handle URL requests and to determine the best way to handle these requests. According to Microsoft, running on Windows 2000, Windows 2000 Server, XP Professional, and Windows Server 2003 systems The ASP.NET version has this security vulnerability. At the same time, Microsoft also released an "ASP.NET VALIDATEPATH module to temporarily apply to IIS 5.0, 5.1 or 6.0 web server. But the vulnerability security patch is still developed Among them. At the same time, Microsoft also recommends that the website owner goes to Microsoft's support site to view more details about the vulnerability. Site links are as follows: support.microsoft.com/? Kbid = 887459.
