{"id":235790,"date":"2026-04-23T22:12:52","date_gmt":"2026-04-24T03:12:52","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2026\/04\/microsoft-releases-emergency-patches-for-critical-asp-net-flaw"},"modified":"2026-04-23T22:12:52","modified_gmt":"2026-04-24T03:12:52","slug":"microsoft-releases-emergency-patches-for-critical-asp-net-flaw","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2026\/04\/microsoft-releases-emergency-patches-for-critical-asp-net-flaw","title":{"rendered":"Microsoft releases emergency patches for critical ASP.NET flaw"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/microsoft-releases-emergency-patches-for-critical-asp-net-flaw.jpg\"><\/a><\/p>\n<p>Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability.<\/p>\n<p>The security flaw (tracked as <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-40372\" target=\"_blank\" rel=\"nofollow noopener\">CVE-2026\u201340372<\/a>) was found in the ASP.NET Core Data Protection cryptographic APIs, and it could allow unauthenticated attackers to gain SYSTEM privileges on affected devices by forging authentication cookies.<\/p>\n<p>Microsoft discovered the flaw following user reports that decryption was failing in their applications after installing the. NET 10.0.6 update release during this month\u2019s Patch Tuesday.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Microsoft has released out-of-band (OOB) security updates to patch a critical ASP.NET Core privilege escalation vulnerability. The security flaw (tracked as CVE-2026\u201340372) was found in the ASP.NET Core Data Protection cryptographic APIs, and it could allow unauthenticated attackers to gain SYSTEM privileges on affected devices by forging authentication cookies. Microsoft discovered the flaw following user [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1492],"tags":[],"class_list":["post-235790","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/235790","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=235790"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/235790\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=235790"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=235790"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=235790"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}