Security Updates for Microsoft .NET Framework (May 2018)

high Nessus Plugin ID 109652

Synopsis

The Microsoft .NET Framework installation on the remote host is affected by multiple vulnerabilities.

Description

The Microsoft .NET Framework installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability could circumvent a User Mode Code Integrity (UMCI) policy on the machine. (CVE-2018-1039)

- A denial of service vulnerability exists when .NET and .NET Core improperly process XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET (or .NET core) application. The update addresses the vulnerability by correcting how .NET and .NET Core applications handle XML document processing.
(CVE-2018-0765)

Solution

Microsoft has released security updates for Microsoft .NET Framework.

See Also

http://www.nessus.org/u?41c43cb2

http://www.nessus.org/u?1c09ca2b

http://www.nessus.org/u?7a7d72d3

http://www.nessus.org/u?3fe33cd0

http://www.nessus.org/u?3396f0cc

http://www.nessus.org/u?0dcf45ad

http://www.nessus.org/u?d006f874

http://www.nessus.org/u?01808ffe

http://www.nessus.org/u?c0b4dd6d

http://www.nessus.org/u?5483f9b8

http://www.nessus.org/u?e6fc001a

http://www.nessus.org/u?fb504ab5

http://www.nessus.org/u?8a34215b

http://www.nessus.org/u?c30e2b96

http://www.nessus.org/u?6c6f6f2b

http://www.nessus.org/u?78d71558

http://www.nessus.org/u?2fafc93a

http://www.nessus.org/u?c993d489

http://www.nessus.org/u?a80d2f6a

http://www.nessus.org/u?d71b2a16

http://www.nessus.org/u?cfc3021f

http://www.nessus.org/u?f6e88e34

http://www.nessus.org/u?e553999f

http://www.nessus.org/u?9d0d5cd2

http://www.nessus.org/u?aca51532

Plugin Details

Severity: High

ID: 109652

File Name: smb_nt_ms18_may_4096418.nasl

Version: 1.6

Type: local

Agent: windows

Published: 5/9/2018

Updated: 11/8/2019

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-1039

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 5/8/2018

Vulnerability Publication Date: 5/8/2018

Reference Information

CVE: CVE-2018-0765, CVE-2018-1039

BID: 104060, 104072

MSFT: MS18-4095512, MS18-4095513, MS18-4095514, MS18-4095515, MS18-4095517, MS18-4095518, MS18-4095519, MS18-4095872, MS18-4095873, MS18-4095874, MS18-4095875, MS18-4095876, MS18-4096235, MS18-4096236, MS18-4096237, MS18-4096416, MS18-4096417, MS18-4096418, MS18-4096494, MS18-4096495, MS18-4103716, MS18-4103721, MS18-4103723, MS18-4103727, MS18-4103731

MSKB: 4095512, 4095513, 4095514, 4095515, 4095517, 4095518, 4095519, 4095872, 4095873, 4095874, 4095875, 4095876, 4096235, 4096236, 4096237, 4096416, 4096417, 4096418, 4096494, 4096495, 4103716, 4103721, 4103723, 4103727, 4103731