Software engineers over at Microsoft are working hard to fix a critical vulnerability discovered in the Advanced Encryption Standard (AES), which could allow hackers to attack Windows Server to get 'hints' on how to crack the system's encryption.
The vulnerability was disclosed during the Ekoparty Conference taking place in Buenos Aires, Argentina by security researchers Thai Duong and Juliano Rizzo.
The flaw has been found in the way Microsoft ASP.Net decrypts data, making it easier for hackers to gain access to and tamper with sensitive system configuration files.
Kevin Brown, an engineer working with the Microsoft Security Response Center (MSRC) team, wrote on a blog post that "ASP.Net uses encryption to hide sensitive data and protect it from tampering by the client. However, a vulnerability in the ASP.Net encryption implementation can allow an attacker to decrypt and tamper with this data."
Since then, Microsoft has warned that the flaw is being exploited in the wild and has also release a temporary patch to deal with the problem, till it releases a permanent fix.