Security Updates for Microsoft .NET Framework (October 2020)

medium Nessus Plugin ID 141503

Synopsis

The Microsoft .NET Framework installation on the remote host is missing a security update.

Description

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

- An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory.
(CVE-2020-16937)

Solution

Microsoft has released security updates for Microsoft .NET Framework.

See Also

https://support.microsoft.com/en-us/help/4578968

https://support.microsoft.com/en-us/help/4578969

https://support.microsoft.com/en-us/help/4578971

https://support.microsoft.com/en-us/help/4578972

https://support.microsoft.com/en-us/help/4578974

https://support.microsoft.com/en-us/help/4579976

https://support.microsoft.com/en-us/help/4579977

https://support.microsoft.com/en-us/help/4579978

https://support.microsoft.com/en-us/help/4579979

https://support.microsoft.com/en-us/help/4579980

https://support.microsoft.com/en-us/help/4580327

https://support.microsoft.com/en-us/help/4580328

https://support.microsoft.com/en-us/help/4580330

https://support.microsoft.com/en-us/help/4580346

https://support.microsoft.com/en-us/help/4580467

https://support.microsoft.com/en-us/help/4580468

https://support.microsoft.com/en-us/help/4580469

https://support.microsoft.com/en-us/help/4580470

Plugin Details

Severity: Medium

ID: 141503

File Name: smb_nt_ms20_oct_dotnet.nasl

Version: 1.4

Type: local

Agent: windows

Published: 10/19/2020

Updated: 12/5/2022

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the vendor advisory.

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4

Temporal Score: 3

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:N/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 4.1

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 10/13/2020

Vulnerability Publication Date: 10/13/2020

Reference Information

CVE: CVE-2020-16937

IAVA: 2020-A-0456-S

MSFT: MS20-4578968, MS20-4578969, MS20-4578971, MS20-4578972, MS20-4578974, MS20-4579976, MS20-4579977, MS20-4579978, MS20-4579979, MS20-4579980, MS20-4580327, MS20-4580328, MS20-4580330, MS20-4580346, MS20-4580467, MS20-4580468, MS20-4580469, MS20-4580470

MSKB: 4578968, 4578969, 4578971, 4578972, 4578974, 4579976, 4579977, 4579978, 4579979, 4579980, 4580327, 4580328, 4580330, 4580346, 4580467, 4580468, 4580469, 4580470