嗯,用户让我帮忙总结一下这篇文章的内容,控制在一百个字以内,而且不需要用“文章内容总结”或者“这篇文章”这样的开头,直接写描述。好的,首先我得仔细阅读文章,理解主要信息。 文章讲的是微软修复了一个ASP.NET Core的严重漏洞,编号是CVE-2026-40372,CVSS评分9.1分。这个漏洞允许攻击者提升权限到SYSTEM级别,访问敏感文件和修改数据。微软发布了紧急更新,修复了这个漏洞,并且提到了这个漏洞是由一个匿名研究人员报告的。 然后,文章详细说明了漏洞的原因:Microsoft.AspNetCore.DataProtection 10.0.0到10.0.6版本中的一个错误导致HMAC验证不正确,有时候会忽略正确的哈希值。这可能让攻击者伪造或解密受保护的数据,比如cookies和反CSRF令牌,从而冒充用户获取有效的会话或令牌。 即使升级到10.0.7版本后,旧的令牌仍然有效,除非旋转了密钥环。微软还指出利用这个漏洞需要满足三个条件:应用程序使用特定版本的NuGet包、该版本在运行时加载,并且应用在非Windows操作系统上运行。 现在我需要把这些信息浓缩到100字以内。首先提到微软修复了这个严重漏洞,编号和评分。然后说明攻击者可以提升权限到SYSTEM级,并访问敏感数据。接着提到这是个紧急更新,并且需要满足特定条件才能被利用。 可能的结构是:微软修复了ASP.NET Core的严重漏洞(CVE-2026-40372),CVSS 9.1分。攻击者可提升权限至SYSTEM级并访问敏感数据。此漏洞需特定条件才能被利用。 这样大约在100字左右,并且直接描述了主要内容。 </think> 微软修复了ASP.NET Core的严重漏洞(CVE-2026-40372),CVSS评分9.1分。该漏洞允许攻击者提升权限至SYSTEM级别并访问敏感数据。此漏洞需特定条件才能被利用。 2026-4-22 14:0:19 Author: securityaffairs.com(查看原文) 阅读量:5 收藏
Microsoft out-of-band updates fixed critical ASP.NET Core privilege escalation flaw
Microsoft fixed critical ASP.NET Core vulnerability, tracked as CVE-2026-40372 (CVSS score of 9.1), that lets attackers escalate privileges.
Microsoft released out-of-band updates to address a serious ASP.NET Core vulnerability tracked as CVE-2026-40372 (CVSS score of 9.1). Microsoft fixed the flaw in ASP.NET Core version 10.0.7.
An attacker could exploit the flaw to gain SYSTEM-level privileges, access sensitive files, and modify data, but they cannot disrupt system availability.
An anonymous researcher reported the flaw, prompting out-of-band patches to reduce risk and protect affected systems.
“Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.” reads the advisory. “An attacker who successfully exploited this vulnerability could gain SYSTEM privileges. Exploiting this vulnerability could allow an attacker to disclose files and modify data, but the attacker cannot impact the availability of the system.”
According to Microsoft, the exploitation of the flaw in attacks in the wild is currently less likely.
According to Microsoft, a bug in Microsoft.AspNetCore.DataProtection 10.0.0–10.0.6 caused incorrect HMAC validation, sometimes ignoring the correct hash. This could let attackers forge or decrypt protected data like cookies and antiforgery tokens, possibly impersonating users and getting valid sessions or tokens. Even after upgrading to 10.0.7, old tokens may remain valid unless the key ring is rotated.
“If an attacker used forged payloads to authenticate as a privileged user during the vulnerable window, they may have induced the application to issue legitimately-signed tokens (session refresh, API key, password reset link, etc.) to themselves.” states Microsoft. “Those tokens remain valid after upgrading to 10.0.7 unless the DataProtection key ring is rotated.”
The tech giant states that the exploitation requires three conditions: the app uses Microsoft.AspNetCore.DataProtection 10.0.6 from NuGet (directly or via dependencies like StackExchangeRedis), the NuGet version is loaded at runtime, and the application runs on a non-Windows OS such as Linux or macOS.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ASP.NET Core)
如有侵权请联系:admin#unsafe.sh