Computerworld: Microsoft has released a security advisory about a vulnerability in its ASP.Net Web application framework. The bug could allow criminals to break the encryption on Web sites, potentially enabling them to steal files, passwords, or other data.
For now, Microsoft has released a workaround for Web site administrators. The company says it is working on patching the products affected by the bug, which include all versions of Windows.
Security researchers estimate that one quarter of all Web sites rely on ASP.Net.