Summary: Microsoft Threat Intelligence has reported a significant threat in which attackers use publicly disclosed ASP.NET machine keys to carry out ViewState code injection attacks, potentially leading to remote code execution on servers. The report emphasizes the risk of copying static machine keys from public resources into web applications. In one example, such a key was used to deploy the Godzilla post-exploitation framework, which offers extensive capabilities to attackers.
Affected: ASP.NET web applications
Key points:
- Attackers exploit publicly disclosed ASP.NET machine keys to inject malicious code.
- Over 3,000 publicly disclosed machine keys have been identified, any of which can expose an application that uses it to this attack.
- Recommendations include using unique keys, regular key rotation, and monitoring configuration files.
- Microsoft Defender for Endpoint can help detect the use of publicly disclosed keys.
Source: https://securityonline.info/publicly-disclosed-asp-net-machine-keys-used-in-code-injection-attacks/
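
The configuration monitoring recommended above can be sketched as a small web.config audit. This is an added example, not code from Microsoft's report or the source article; the function names, the sample key and the blocklist contents are constructed for illustration, and a real blocklist would hold hashes of the keys known to be public.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample key material (not a real disclosed key).
SAMPLE_PUBLIC_KEY = "0123456789ABCDEF" * 8

def key_hash(key):
    """Normalise a hex key and hash it, so the blocklist never stores raw keys."""
    return hashlib.sha256(key.strip().upper().encode("utf-8")).hexdigest()

# Hypothetical blocklist: SHA-256 hashes of machine keys known to be public.
KNOWN_PUBLIC_HASHES = {key_hash(SAMPLE_PUBLIC_KEY)}

def audit_web_config(xml_text, blocklist=KNOWN_PUBLIC_HASHES):
    """Return (attribute, status) findings for each <machineKey> in a web.config."""
    findings = []
    for element in ET.fromstring(xml_text).iter():
        # Strip any XML namespace so namespaced web.config files still match.
        if element.tag.rsplit("}", 1)[-1] != "machineKey":
            continue
        for attr in ("validationKey", "decryptionKey"):
            value = element.get(attr)
            # A missing attribute or an "AutoGenerate..." value is not a static key.
            if not value or value.lower().startswith("autogenerate"):
                continue
            status = "publicly-disclosed" if key_hash(value) in blocklist else "static"
            findings.append((attr, status))
    return findings

# Constructed sample: a static validation key that appears on the blocklist.
SAMPLE_CONFIG = f"""<configuration>
  <system.web>
    <machineKey validationKey="{SAMPLE_PUBLIC_KEY.lower()}"
                decryptionKey="AutoGenerate,IsolateApps"
                validation="HMACSHA256" decryption="AES" />
  </system.web>
</configuration>"""

if __name__ == "__main__":
    for attr, status in audit_web_config(SAMPLE_CONFIG):
        print(f"machineKey {attr}: {status}")
```

A "publicly-disclosed" finding calls for replacing the key and investigating the server, while a "static" finding marks a key to track for rotation.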