Microsoft plans to release an emergency out-of-band update to address a vulnerability in ASP.NET that could allow an attacker to consume all of the resources on a vulnerable server with a single specially designed HTTP request. The vulnerability affects a wide range of Web platforms are vulnerable to this attack, and Microsoft officials said they re releasing the patch now because they expect exploit code to be released in the near future. A single specially crafted. crafted. request can consume 100% of one CPU core for between 90 110 seconds.
Source: https://threatpost.com/microsoft-release-emergency-fix-aspnet-dos-flaw-122911/76039/