This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.
The remote Windows host is affected by an information disclosure
The remote Windows host is missing a security update. It is,
therefore, affected by an information disclosure vulnerability in the
.NET Framework Data Provider for SQL Server due to improper handling
of developer-supplied keys. An unauthenticated, remote attacker can
exploit this to disclose sensitive information that should be
protected by the Always Encrypted feature. Furthermore, an attacker
who can access incorrectly encrypted data could decrypt that data by
using an easily guessable key. Misuse of the key can also result in
access to data being temporarily lost.
See also :
Microsoft has released a set of patches for Microsoft .NET Framework 4.6.2.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : false