A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard, aka ".NET Framework Device Guard Security Feature Bypass Vulnerability." This affects Microsoft .NET Framework 4.7.1, Microsoft .NET Framework 4.6, Microsoft .NET Framework 3.5, Microsoft .NET Framework 4.7/4.7.1, Microsoft .NET Framework 3.0, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.5.2, Microsoft .NET Framework 4.6.2/4.7/4.7.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1, Microsoft .NET Framework 2.0, Microsoft .NET Framework 4.6/4.6.1/4.6.2.
http://www.securityfocus.com/bid/104072
http://www.securitytracker.com/id/1040851
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-1039
Source: MITRE
Published: 2018-05-09
Updated: 2019-10-03
Type: NVD-CWE-noinfo
Base Score: 4.6
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 3.9
Severity: MEDIUM
Base Score: 7.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 1.8
Severity: HIGH
AND
OR
OR
AND
OR
OR
cpe:2.3:o:microsoft:windows_10:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1607:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1703:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1709:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_10:1803:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2012:r2:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2016:*:*:*:*:*:*:*:*
AND
OR
OR
AND
OR
OR
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:*:sp2:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
AND
OR
OR
AND
OR
cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
OR
AND
OR
cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
OR
AND
OR
cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*
cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*
OR
cpe:2.3:o:microsoft:windows_7:-:sp1:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_8.1:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_rt_8.1:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows_server_2008:r2:sp1:*:*:*:*:*:*
AND
OR
OR
AND
OR
OR
ID | Name | Product | Family | Severity |
---|---|---|---|---|
109652 | Security Updates for Microsoft .NET Framework (May 2018) | Nessus | Windows : Microsoft Bulletins | medium |
109611 | KB4103731: Windows 10 Version 1703 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109610 | KB4103726: Windows Server 2012 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109608 | KB4103727: Windows 10 Version 1709 and Windows Server Version 1709 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109607 | KB4103715: Windows 8.1 and Windows Server 2012 R2 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109606 | KB4103723: Windows 10 Version 1607 and Windows Server 2016 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109605 | KB4103721: Windows 10 Version 1803 and Windows Server Version 1803 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109604 | KB4103712: Windows 7 and Windows Server 2008 R2 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |
109603 | KB4103716: Windows 10 May 2018 Security Update | Nessus | Windows : Microsoft Bulletins | high |