Security Updates for Microsoft .NET Framework (September 2023)

high Nessus Plugin ID 181375

Synopsis

The Microsoft .NET Framework installation on the remote host is missing a security update.

Description

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by multiple vulnerabilities, as follows:

- Multiple vulnerabilities in DiaSymReader.dll where parsing an corrupted PDB can result in remote code execution. (CVE-2023-36792, CVE-2023-36793, CVE-2023-36794 CVE-2023-36796)

- A vulnerability in the WPF XML parser where an unsandboxed parser can lead to remote code execution.
(CVE-2023-36788)

Solution

Microsoft has released security updates for Microsoft .NET Framework.

See Also

http://www.nessus.org/u?3bbdfd35

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36788

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796

https://support.microsoft.com/en-us/help/5029938

https://support.microsoft.com/en-us/help/5029940

https://support.microsoft.com/en-us/help/5029941

https://support.microsoft.com/en-us/help/5029942

https://support.microsoft.com/en-us/help/5029943

https://support.microsoft.com/en-us/help/5029944

https://support.microsoft.com/en-us/help/5029945

https://support.microsoft.com/en-us/help/5029946

https://support.microsoft.com/en-us/help/5029947

https://support.microsoft.com/en-us/help/5029948

https://support.microsoft.com/en-us/help/5030030

https://support.microsoft.com/en-us/help/5030160

https://support.microsoft.com/en-us/help/5029915

https://support.microsoft.com/en-us/help/5029916

https://support.microsoft.com/en-us/help/5029917

https://support.microsoft.com/en-us/help/5029919

https://support.microsoft.com/en-us/help/5029920

https://support.microsoft.com/en-us/help/5029921

https://support.microsoft.com/en-us/help/5029922

https://support.microsoft.com/en-us/help/5029923

https://support.microsoft.com/en-us/help/5029924

https://support.microsoft.com/en-us/help/5029925

https://support.microsoft.com/en-us/help/5029926

https://support.microsoft.com/en-us/help/5029927

https://support.microsoft.com/en-us/help/5029928

https://support.microsoft.com/en-us/help/5029929

https://support.microsoft.com/en-us/help/5029931

https://support.microsoft.com/en-us/help/5029932

https://support.microsoft.com/en-us/help/5029933

https://support.microsoft.com/en-us/help/5029937

Plugin Details

Severity: High

ID: 181375

File Name: smb_nt_ms23_sep_dotnet.nasl

Version: 1.4

Type: local

Agent: windows

Published: 9/13/2023

Updated: 11/16/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.3

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2023-36796

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 9/12/2023

Vulnerability Publication Date: 9/12/2023

Reference Information

CVE: CVE-2023-36788, CVE-2023-36792, CVE-2023-36793, CVE-2023-36794, CVE-2023-36796

IAVA: 2023-A-0470-S

MSFT: MS23-5029916, MS23-5029917, MS23-5029919, MS23-5029920, MS23-5029921, MS23-5029922, MS23-5029923, MS23-5029924, MS23-5029925, MS23-5029926, MS23-5029927, MS23-5029928, MS23-5029929, MS23-5029931, MS23-5029932, MS23-5029933, MS23-5029937, MS23-5029938, MS23-5029940, MS23-5029941, MS23-5029942, MS23-5029943, MS23-5029944, MS23-5029945, MS23-5029946, MS23-5029947, MS23-5029948, MS23-5030030, MS23-5030160

MSKB: 5029915, 5029916, 5029917, 5029919, 5029920, 5029921, 5029922, 5029923, 5029924, 5029925, 5029926, 5029927, 5029928, 5029929, 5029931, 5029932, 5029933, 5029937, 5029938, 5029940, 5029941, 5029942, 5029943, 5029944, 5029945, 5029946, 5029947, 5029948, 5030030, 5030160