All Umbraco versions affected. Remove
/bin/umbraco.webservices.dll! A quick and short message to all Umbraco users, which just dropped in my Inbox:
During one of our regular security audits of the core, a severe security vulnerability was found in the integration web services of Umbraco and we recommend everyone to take immediate action to prevent any exploit.
More details will come in a few weeks when people have had a chance to update their installations, but for now we ask you to remove the following file from all your Umbraco installations:
The security vulnerability affects all versions of Umbraco.
This will not affect the daily use of your Umbraco installation. It *might* affect integration with your Umbraco installation, but less than 1% use the integration web services. For those who do use the integration web services we recommend that you get in touch with email@example.com.
We’re sorry for the inconvenience.
Niels Hartvig on behalf of the hard working core team.
Complete post and more information:
My name is Jan. I am not a hacker, coder, developer, programmer or guru. I am merely a system administrator, doing my daily thing at Vevida in the Netherlands. With over 15 years of experience, my specialties include Windows Server, IIS, Linux (CentOS, Debian), security, PHP, WordPress, websites & optimization. Want to support me and donate? Use this link: https://paypal.me/jreilink.
A cheat-sheet for password crackers
Windows privilege escalation guide
Help Net Security reviewed Acunetix 11
Vulnerabilities in .NET Core, ASP.NET Core Could Allow Elevation of Privilege
Penetration Testers’ Guide to Windows 10 Privacy & Security
Joomla (< 3.6.4) Account Creation/Elevated Privileges write-up and exploit
Samsung’s smart camera. A tale of IoT & network security
“How we broke PHP, hacked Pornhub and earned $20,000”