Cybercriminals are abusing a weakness in ASP.NET websites to remotely execute malicious code, according to Microsoft’s Threat Intelligence team, which has published an in-depth analysis of the new method. In the article, Microsoft explained threat actors were injecting malicious code through a method called ViewState code injection attacks.
ViewState is a feature in ASP.NET websites that helps remember user input and page settings when the page is refreshed. It stores this information in a hidd
