Vulnerable ASP.NET Keys Used to Unlock PC Security

ASP.NET keys, malicious code, malicious ViewState, Microsoft, monitor applications, Ophtek, System Updates, , , , , ,
04
Mar 2025

Attackers are exploiting exposed ASP.NET keys to inject malicious code into web applications, leading to unauthorized access and potential data breaches.

Microsoft has announced that a major security issue has been identified where cybercriminals are taking advantage of publicly available ASP.NET machine keys. These keys, usually used to secure web applications, are being altered to insert harmful code, compromising the security of affected systems.

What is ASP.NET and How Does it Work?

ASP.NET is a free framework developed by Microsoft to help people build web applications and services. Part of this framework involves a feature called ViewState, used to help web pages remember user data and maintain this information across different sessions. To protect this data, ASP.NET uses machine keys such as ‘validationKey’ and ‘decryptionKey’ to ward off any malicious activities. These keys are used to encrypt and validate the data, ensuring it remains secure and confidential.

However, an investigation by Microsoft’s Threat Intelligence team has discovered that some developers are copying these machine keys from online sources, such as repositories, and using them in their own applications. This practice quickly becomes a risk when the same keys are reused across multiple applications or when they can easily be found. These scenarios allow threat actors to find these keys and use them to create malicious versions of ViewState data.

How has ViewState Been Compromised?

When a threat actor gets hold of a machine key used by a target application, they can create a malicious ViewState – this is a piece of data typically trusted by the application and won’t ring any alarm bells. The malicious ViewState is sent to the server through a POST request. As the ViewState is signed with the correct machine key, the receiving server believes it’s genuine. Once this data has been received and processed, the server unknowingly executes the malicious code embedded within the ViewState.

This method grants threat actors remote access to the compromised server and free rein to execute any processes they want. So, for example, the threat actors could download additional malware, steal sensitive information, and take full control of the server. In one case, the attackers used this technique to launch a cryptocurrency miner on a compromised server. This allowed the threat actors to take control of any PCs on the infected server and use their resources to generate digital currencies. This may sound harmless but it’s at the expense of the PCs performance.

Protecting Yourself from Malicious ViewState

ASP.NET is highly popular and is used by countless websites, so it’s important that we understand the best way to protect users of the framework. Here’s Ophtek’s three top tips for safe usage of ASP.NET:

  1. Use Unique and Secure Keys: Developers using ASP.NET should generate unique machine keys for each application. Always avoid copying keys from online sources or reusing them in other applications. This practice ensures that even if one application’s key is compromised, others remain secure.
  2. Regularly Update Systems: It’s paramount that, as with all software, your web applications and servers are up to date with the latest security patches. Regular updates help you address zero-day vulnerabilities and reduce the risk of your IT infrastructure being compromised.
  3. Monitor Application Activity: You should always use monitoring tools to keep an eye on application behavior. Unusual activities, such as unexpected POST requests or unauthorized installs, can be early indicators of a developing attack. By conducting regular audits, you can increase your chances of stopping an infection before it causes damage.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Windows 11 Is Here and There Are Plenty of Changes

Microsoft, Microsoft 365, Ophtek, power automate, Security, teams, upgrade, upgrade software, widgets, Windows 11, Windows Task Scheduler, , , , , , , ,
01
Feb 2022

The latest version of Microsoft’s operating system Windows has now been rolled out; and Windows 11 comes with plenty of changes for PC users.

Windows 10 was released in 2015 and, since then, there have been many changes in IT. While Windows 10 is still more than capable of dealing with modern IT, there always comes a point where an overhaul is needed. And this is why Windows 11 has been released. It’s available as a free upgrade to anyone currently running Windows 10 and contains both updated applications and functionality.

Upgrading to a new operating system has always represented a major shift in the way that PCs operate, so it’s important to understand what happens when you hit that ‘install’ button.

Why Are Upgrades Necessary?

Taking advantage of operating system upgrades allows you to harness numerous benefits. Firstly, an older operating system is always up against a ticking clock of being discontinued. Once support has been discontinued, an older operating system is more at risk of security threats. Secondly, new operating systems are better positioned to cope with the demands of modern IT. Therefore, installing an upgraded version ensures you have a better user experience.

What’s Changed with Windows 11?

As with all previous upgrades on Windows, there are a significant number of changes. Many of these are unlikely to be noticed by your average PC user, but others will be more obvious. The most important changes are:

  • Microsoft Teams: during the Covid-19 pandemic, Microsoft Teams became a valuable tool for employees to communicate through. But it had never been an in-built part of the Windows operating system. Starting with Windows 11, however, it is now included by default.
  • Power Automate: Windows 11 has a new feature called Power Automate which allows PC users to program ‘flows’ which create automated tasks such as notifying team members when new files are added to a specific location.
  • Widgets: the interface of Windows 11 now allows you to harness the power of widgets, a type of software which has been common on mobile devices for some time. These new desktop widgets allow you to install widgets which provide information “at a glance” on a slide-out menu such as calendar updates.
  • Security: one of the major security features of Windows 11 is that it will only run on new machines. Therefore, if your hardware is starting to look even slightly old, it’s unlikely Windows 11 will run on it. This means that Microsoft is setting a strong baseline to ensure PCs running Windows 11 are as up to date as possible. Built on top of this security foundation are several background security processes including updated stack protection and enhanced bootup security.
  • Interface Design: the most notable changes in Windows 11 relate to the visual aesthetics of the interface. The start menu has been overhauled to provide quicker access to the apps you need, notifications are now grouped together to make accessing them quicker and File Explorer has been redesigned to look smarter and more intuitive.

Final Thoughts

Installing updated software is always recommended to ensure your PC is running with the best protection and functionality. And upgrading to Windows 11 is no different. It’s an essential upgrade and one which, although certain features will require some adjustment time, will provide you with enhanced productivity and a smoother user experience.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Microsoft Announces 97 Vulnerabilities in Windows

Microsoft, Ophtek, patches, Windows 10, Windows 11, Windows 7, Windows 8, Windows Server, zero-day, , , , , , , ,
25
Jan 2022

Windows is one of the most popular operating systems around and, as it’s a Microsoft product, you would like to think it’s safe. But this isn’t quite true.

As part of their January 2022 ‘Patch Tuesday’ report, Microsoft announced that 97 new security vulnerabilities had been discovered across its range of operating systems. And with an estimated 1 billion Windows PCs in use across the globe, this is very concerning. Any operating system, of course, is a highly complex piece of software. The sheer amount of coding required, to deliver high quality functionality, means that mistakes are inevitable. And then there are the hackers, individuals who are determined to find new and innovative ways to breach Windows.

What Were the Vulnerabilities?

Nine of the reported vulnerabilities were classed as critical by Microsoft, with the remaining 88 being classed as significant threats. Technical details are yet to be released, but it’s known that some of the critical vulnerabilities were associated with Microsoft Exchange Servers and the HTTP Protocol Stack. And, in particular, the HTTP Protocol Stack vulnerabilitiy is one which would allow hackers to allow remote code execution i.e. taking control of an affected PC from a remote connection.

Six of the vulnerabilities discovered have also been categorized as zero-day vulnerabilties. These affect a range of Windows background processes and, as they are classed as zero-day, it’s believed that they were known to hackers before Microsoft’s announcement. Collectively, the 97 vulnerabilities are believed to have impacted the security of major Microsoft applications including Excel, Word, Edge, Windows Defender and all manner of network tools. As a result, it’s believed that users of Windows 7, Windows 8, Windows 10, Windows 11, Windows Server 2019 and even Windows Server 2022 are all at risk.

How Can Windows Users Stay Safe?

Naturally, any user of Windows is likely to be very concerned after reading the above. But the good news is that Microsoft’s January 2022 patch addresses all of these vulnerabilities. Installing it, therefore, should be the number one priority for any PCs running Windows. And that will be nearly all of them. Unfortunately, for those running Windows Server 2019 and Server 2022, this patch was withdrawn due to bugs it was generating in these environments. Users of these operating systems should remain extra vigilant and ensure that automatic Windows updates are in place.

Final Thoughts

The last few months have been relatively poor for Microsoft when it comes to patching vulnerabilities. In September 2021, it was revealed that their patch for the ‘PrintNightmare’ flaw contained bugs which negatively affected numerous printers. And, now, it appears to be history repeating itself with Windows Server users left vulnerable to both security risks and buggy updates. These issues will, no doubt, be rectified quickly but, as ever, time is of the essence when it comes to PC security. Ultimately, installing each and every security update remains the very best practice for protecting your IT devices.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Windows Print Spooler Vulnerability Accidentally Leaked

Cyber Security, Microsoft, Network, Ophtek, patches, print spooler, zero-day, , , , , ,
13
Jul 2021

If a hacker can find a software vulnerability, then it grants them easy access to a PC. This is even easier when a vulnerability is leaked by researchers.

Security researchers are constantly searching for software and hardware vulnerabilities. But where researchers and hackers differ is their intent. A security researcher wants to legitimately identify vulnerabilities so that they can be secured and lessons learned for the future. However, a Chinese technology firm by the name of Sangfor recently revealed details of an unknown Windows vulnerability in Print Spooler. And, unfortunately, Microsoft hadn’t managed to patch it.

What is a Zero-Day Vulnerability?

The type of vulnerability found in Print Spooler is known as a zero-day vulnerability. This name refers to the number of days a software vendor has had to patch a vulnerability and the percentage chance that a user has of being protected. And this is why zero-day vulnerabilities are so dangerous. There is no immediate protection available, so hackers are given free rein to cause widespread chaos.

What is the Print Spooler Vulnerability?

The design of the Print Spooler vulnerability – whose exploit code was listed within Sangfor’s paper – has the potential to cause numerous issues. The specifics of this exploit allow hackers to obtain full system access privileges. This is achieved by granting them permission to load malicious drivers into any servers containing this vulnerability. With full control of an IT network, hackers can then download further malware, steal data and operate infected workstations from a remote location. And, although a patch was recently released for vulnerabilities in Print Spooler, this particular exploit was not identified by Microsoft.

How Do You Protect Against Vulnerabilities?

As of the time of this article, Microsoft do not have a patch available for what has been dubbed the PrintNightmare vulnerability. This is concerning as it provides a significant amount of risk to Windows users. While it is certain that Microsoft will release a security patch, the fact remains that – as revealed by Microsoft – attacks using this exploit have already been identified. Therefore, you need to know how to protect your IT systems:

  • Disable Print Spooler: In the case of the PrintNightmare vulnerability, you can eliminate the risk is by temporarily disabling the print spooler. This does, however, remove the ability for your organization to print across its network.
  • Monitor Network Activity: If your IT system has been exploited through a vulnerability then it’s likely there will be an increase in network activity. This will be most visible in outgoing traffic as the hackers will likely be transmitting data to a remote server. An increase in data output to an unknown location should ring alarm bells and indicate that something is wrong.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More

Malware Hidden in Fake Microsoft DirectX Download Page

Antivirus, Direct X, fake emails, fake websites, malicious websites, Microsoft, Ophtek, , , ,
11
May 2021

Microsoft is a name you should be able to trust. But, online, nothing is ever quite as it seems. And that’s why you need to be careful what you click.

DirectX is a crucial component when it comes to processing multimedia materials on Windows PCs. It has been in use for over 25 years now and is an established element of the Windows experience. But it’s this familiarity, and reliance on the software, which makes it the perfect target for hackers. Accordingly, security researchers have discovered a fake web page which claims to carry a genuine version of the software. Unfortunately, the only thing that this download contains is untold trouble and chaos for IT systems.

It’s always important to be aware of the latest threats, so we’re going to take you through the processes involved in this new attack.

Fake Website Spells Danger

The fake website in question has been set up by hackers to look like a genuine site offering a download of DirectX 12 for Windows. The hackers have been careful to disguise the website as genuine by putting some effort into its design. Most malicious websites are basic with the main emphasis being on a download button. While this latest website does rely on a download button, the designers have also included additional pages including: a contact form, copyright infringement details, a privacy policy and a legal disclaimer. This ‘extra effort’ is used in order to create a false sense of security.

Victims of this download scam are likely to find themselves at this website through a number of means: they may have received fake emails urging them to download a new version or they may have found the website through a search engine. Either way, the results of infection are the same. Clicking on the download page will forward users to a remote website where they are prompted to download the software. Two options are put forwards to the user: a 32-bit or a 64-bit version. Both files will then download further malware capable of the following:

  • Stealing confidential data such as login credentials by recording keystrokes
  • Unauthorized transmission of user files
  • Accessing a wide range of cryptocurrency wallets to steal funds

How to Avoid the Dangers of Malicious Websites

The threat of malicious websites is nothing new, but their continued presence online indicates that PC users need continual refreshers on them. Therefore, make sure that your staff practice the following:

  • Only ever download software from the manufacturer’s official website e.g. DirectX software should only be downloaded from Microsoft. And always double check that the website address is genuine. If in doubt, get an IT professional to verify it.
  • Install anti-virus software on your PCs that evaluates websites and blocks those that are suspected of being malicious. This is a common feature of almost all anti-virus software and offers you a valuable moment of thought before proceeding.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More
1 2 3