Detections
Analytics
Security Updates for Microsoft .NET Framework (February 2019)
high Nessus Plugin ID 122234
Language:
Synopsis
The Microsoft .NET Framework installation on the remote host is affected by multiple vulnerabilities.Description
The Microsoft .NET Framework installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :- A remote code execution vulnerability exists in .NET Framework and Visual Studio software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2019-0613)
- A vulnerability exists in certain .Net Framework API's and Visual Studio in the way they parse URL's. An attacker who successfully exploited this vulnerability could use it to bypass security logic intended to ensure that a user-provided URL belonged to a specific hostname or a subdomain of that hostname. This could be used to cause privileged communication to be made to an untrusted service as if it was a trusted service.
(CVE-2019-0657)
- An information disclosure vulnerability exists when the Windows kernel improperly initializes objects in memory.
To exploit this vulnerability, an authenticated attacker could run a specially crafted application. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.
(CVE-2019-0663)
Solution
Microsoft has released security updates for Microsoft .NET Framework.See Also
http://www.nessus.org/u?a115f2fd
http://www.nessus.org/u?30834b20
http://www.nessus.org/u?019cea8f
http://www.nessus.org/u?36c1f0d4
http://www.nessus.org/u?c56bb182
http://www.nessus.org/u?647a783e
http://www.nessus.org/u?9d8094ee
http://www.nessus.org/u?98ffee64
http://www.nessus.org/u?7bef4183
http://www.nessus.org/u?4e794af1
http://www.nessus.org/u?4173d6f6
http://www.nessus.org/u?4d94fb34
http://www.nessus.org/u?21ccafb3
http://www.nessus.org/u?f84e87c3
http://www.nessus.org/u?bc58c2d9
http://www.nessus.org/u?1aec536e
http://www.nessus.org/u?0db4b115
http://www.nessus.org/u?97d57080
http://www.nessus.org/u?258ca8fb
http://www.nessus.org/u?8553f70f
http://www.nessus.org/u?e5ba9677
http://www.nessus.org/u?f2bda833
http://www.nessus.org/u?25ef9544
http://www.nessus.org/u?ba6e7bcf
Plugin Details
Severity: High
ID: 122234
File Name: smb_nt_ms19_feb_dotnet.nasl
Version: 1.6
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 2/15/2019
Updated: 4/28/2020
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 6.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2019-0613
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:microsoft:.net_framework
Required KB Items: SMB/MS_Bulletin_Checks/Possible
Exploit Ease: No known exploits are available
Patch Publication Date: 2/12/2019
Vulnerability Publication Date: 2/12/2019
Reference Information
CVE: CVE-2019-0613, CVE-2019-0657, CVE-2019-0663
MSFT: MS19-4483449, MS19-4483450, MS19-4483451, MS19-4483452, MS19-4483453, MS19-4483454, MS19-4483455, MS19-4483456, MS19-4483457, MS19-4483458, MS19-4483459, MS19-4483468, MS19-4483469, MS19-4483470, MS19-4483472, MS19-4483473, MS19-4483474, MS19-4483481, MS19-4483482, MS19-4483483, MS19-4483484, MS19-4486996, MS19-4487017, MS19-4487018, MS19-4487020, MS19-4487026
MSKB: 4483449, 4483450, 4483451, 4483452, 4483453, 4483454, 4483455, 4483456, 4483457, 4483458, 4483459, 4483468, 4483469, 4483470, 4483472, 4483473, 4483474, 4483481, 4483482, 4483483, 4483484, 4486996, 4487017, 4487018, 4487020, 4487026