Microsoft Issues Critical Update for ASP.NET Vulnerability

Global AI Watch·22 April 2026·3 min read·Ars Technica AI

Key Takeaways

1Microsoft patches high-severity ASP.NET Core vulnerability in 10.0.7.
2Security flaw allows unauthenticated SYSTEM privilege escalation.
3Update reduces foreign dependency on software security frameworks.

Microsoft has released an emergency update, version 10.0.7, for its ASP.NET Core framework to address a critical vulnerability (CVE-2026-40372) that allows unauthenticated attackers to gain SYSTEM privileges on Linux and macOS devices. This high-severity flaw stems from improper cryptographic signature verification, which could allow malicious entities to forge authentication payloads and compromise security, particularly during HMAC validation processes. The vulnerability impacts versions 10.0.0 to 10.0.6 of the Microsoft.AspNetCore.DataProtection NuGet package. Users running affected versions are advised to immediately upgrade to mitigate risks.

Source

Ars Technica AIhttps://arstechnica.com/security/2026/04/microsoft-issues-emergency-update-for-macos-and-linux-asp-net-threat/

Read original

Related Sovereign AI Articles

Explore Trackers

Sovereign AI IndexCountry-by-country rankings Global AI Activity MapLive regional intelligence

Key Takeaways

Related Sovereign AI Articles

North Carolina Proposes Bill for Data Center Cost Coverage

Tumbler Ridge Families Sue OpenAI Over ChatGPT Incident

Ukraine Launches Domestic Defense Weapon Exports

EU and ASEAN Push for Multilateralism Amid Trade Tensions

AI Job Impact Raises Concerns for Future Workforce

Explore Trackers