{"id":234633,"date":"2026-04-22T14:39:00","date_gmt":"2026-04-22T18:39:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/04\/22\/microsoft-issues-out-of-band-patch-for-critical-security-flaw-in-update-to-asp-net-core\/"},"modified":"2026-04-23T06:35:14","modified_gmt":"2026-04-23T10:35:14","slug":"microsoft-issues-out-of-band-patch-for-critical-security-flaw-in-update-to-asp-net-core","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/04\/22\/microsoft-issues-out-of-band-patch-for-critical-security-flaw-in-update-to-asp-net-core\/","title":{"rendered":"Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core"},"content":{"rendered":"<p><a href=\"https:\/\/www.csoonline.com\/article\/4162178\/microsoft-issues-out-of-band-patch-for-critical-security-flaw-in-update-to-asp-net-core.html\">Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core<\/a><\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/4162178\/microsoft-issues-out-of-band-patch-for-critical-security-flaw-in-update-to-asp-net-core.html\">https:\/\/www.csoonline.com\/article\/4162178\/microsoft-issues-out-of-band-patch-for-critical-security-flaw-in-update-to-asp-net-core.html<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-04-22 14:39:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.csoonline.com\">www.csoonline.com<\/a><\/p>\n<p>When embedded in applications, these long-lived tokens confer the sort of power attackers quickly jump on. \u201cIf an attacker used forged payloads to authenticate as a privileged user during the vulnerable window, they may have induced the application to issue legitimately-signed tokens (session refresh, API key, password reset link, etc.) to themselves,\u201d the advisory noted.<\/p>\n<p>This vulnerability arrives only six months after ASP.NET suffered one of its worst ever flaws, October\u2019s CVSS 9.9-rated CVE-2025-55315 in the Kestrel web server component. But somewhat alarmingly, the current advisory goes on to compare the issue to MS10-070, an emergency patch for CVE-2010-3332, an infamous zero-day vulnerability in the way Windows ASP.NET handled cryptographic errors that caused a degree of panic in 2010.<\/p>\n<h2 class=\"wp-block-heading\" id=\"not-a-simple-update\">Not a simple update<\/h2>\n<p>Normally, when flaws are uncovered, the drill involves merely applying an update, workaround, or mitigation. In this case, the update itself should have already happened automatically for server builds, taking runtimes to the patched version 10.0.7.<\/p>\n<p><a href=\"https:\/\/www.csoonline.com\/article\/4162178\/microsoft-issues-out-of-band-patch-for-critical-security-flaw-in-update-to-asp-net-core.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft issues out-of-band patch for critical security flaw in update to ASP.NET Core https:\/\/www.csoonline.com\/article\/4162178\/microsoft-issues-out-of-band-patch-for-critical-security-flaw-in-update-to-asp-net-core.html Publish&#8230;<\/p>\n","protected":false},"author":1,"featured_media":234634,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.csoonline.com\/wp-content\/uploads\/2026\/04\/4162178-0-38077700-1776883062-MS-building.jpg?quality=50&strip=all&w=1024","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[27],"class_list":["post-234633","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/234633"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=234633"}],"version-history":[{"count":1,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/234633\/revisions"}],"predecessor-version":[{"id":234635,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/234633\/revisions\/234635"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/234634"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=234633"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=234633"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=234633"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}