Microsoft has issued emergency security updates to address a critical privilege escalation vulnerability in ASP.NET Core that allows unauthenticated attackers to gain SYSTEM privileges by forging authentication cookies. Users are urged to update to the latest package version to mitigate the risks associated with this flaw.
Microsoft's release of emergency patches for a critical ASP.NET Core Data Protection vulnerability (CVE-2026-40372) means security teams should update to version 10.0.7 immediately. This flaw allows unauthenticated attackers to forge authentication cookies and gain SYSTEM privileges, posing a severe risk to application integrity. Ensure your systems are patched, and redeploy applications to prevent any exploitation of this vulnerability.