MS KB2960358: Update for Disabling RC4 in .NET TLS

medium Nessus Plugin ID 73992

Synopsis

The remote host has a deprecated, weak encryption cipher available.

Description

The remote host is missing an update for disabling the weak RC4 cipher suite in .NET TLS.

Note that even though .NET Framework 4.6 itself is not affected, any Framework 4.5, 4.5.1, or 4.5.2 application that runs on a system that has 4.6 installed is affected.

Solution

Microsoft has released a set of security updates for the .NET Framework on Windows 7, 2008 R2, 8, 2012, 8.1, 2012 R2, and 10.

See Also

http://www.nessus.org/u?bd8cd59b

Plugin Details

Severity: Medium

ID: 73992

File Name: smb_kb2960358.nasl

Version: 1.10

Type: local

Agent: windows

Family: Windows

Published: 10/13/2015

Updated: 4/19/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS Score Rationale: Score based on analysis by tenable research and scoring of similar vulnerabilities.

CVSS v2

Risk Factor: Medium

Base Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Medium

Base Score: 4.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

Vulnerability Information

CPE: cpe:/o:microsoft:windows, cpe:/a:microsoft:.net_framework

Required KB Items: SMB/Registry/Enumerated, SMB/WindowsVersion

Patch Publication Date: 5/13/2014

Vulnerability Publication Date: 5/13/2014

Reference Information

MSKB: 2960358