Security Updates for Microsoft .NET Framework (September 2018)

critical Nessus Plugin ID 117431

Synopsis

The Microsoft .NET Framework installation on the remote host is missing a security update.

Description

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2018-8421)

Solution

Microsoft has released security updates for Microsoft .NET Framework.

See Also

http://www.nessus.org/u?ad8ca318

http://www.nessus.org/u?fed37122

http://www.nessus.org/u?ba8fc7a2

http://www.nessus.org/u?f54e1cd2

http://www.nessus.org/u?49559bb8

http://www.nessus.org/u?dee71c23

http://www.nessus.org/u?ed0492e1

http://www.nessus.org/u?6d088a5e

http://www.nessus.org/u?8e9df1b4

http://www.nessus.org/u?db9cdb46

http://www.nessus.org/u?449d58e9

http://www.nessus.org/u?3cc1fccb

http://www.nessus.org/u?df971ee0

http://www.nessus.org/u?3ea99582

http://www.nessus.org/u?d4fb28dc

http://www.nessus.org/u?0e99f7d4

http://www.nessus.org/u?3dc3e58e

http://www.nessus.org/u?625cb458

http://www.nessus.org/u?77405e03

http://www.nessus.org/u?dd34e6e6

http://www.nessus.org/u?60a8394d

http://www.nessus.org/u?13887e06

http://www.nessus.org/u?db0b04e3

http://www.nessus.org/u?c1b632e4

http://www.nessus.org/u?a8e356c6

Plugin Details

Severity: Critical

ID: 117431

File Name: smb_nt_ms18_sep_dotnet.nasl

Version: 1.7

Type: local

Agent: windows

Published: 9/12/2018

Updated: 11/1/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2018-8421

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 9/11/2018

Vulnerability Publication Date: 9/11/2018

Reference Information

CVE: CVE-2018-8421

BID: 105222

MSFT: MS18-4457025, MS18-4457026, MS18-4457027, MS18-4457028, MS18-4457029, MS18-4457030, MS18-4457033, MS18-4457034, MS18-4457035, MS18-4457036, MS18-4457037, MS18-4457038, MS18-4457042, MS18-4457043, MS18-4457044, MS18-4457045, MS18-4457053, MS18-4457054, MS18-4457055, MS18-4457056, MS18-4457128, MS18-4457131, MS18-4457132, MS18-4457138, MS18-4457142

MSKB: 4457025, 4457026, 4457027, 4457028, 4457029, 4457030, 4457033, 4457034, 4457035, 4457036, 4457037, 4457038, 4457042, 4457043, 4457044, 4457045, 4457053, 4457054, 4457055, 4457056, 4457128, 4457131, 4457132, 4457138, 4457142