MS16-155: Security Update for .NET Framework (3205640)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote Windows host is affected by an information disclosure
vulnerability.

Description :

The remote Windows host is missing a security update. It is,
therefore, affected by an information disclosure vulnerability in the
.NET Framework Data Provider for SQL Server due to improper handling
of developer-supplied keys. An unauthenticated, remote attacker can
exploit this to disclose sensitive information that should be
protected by the Always Encrypted feature. Furthermore, an attacker
who can access incorrectly encrypted data could decrypt that data by
using an easily guessable key. Misuse of the key can also result in
access to data being temporarily lost.

See also :

https://technet.microsoft.com/library/security/ms16-155

Solution :

Microsoft has released a set of patches for Microsoft .NET Framework 4.6.2.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 3.7
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows : Microsoft Bulletins

Nessus Plugin ID: 95772

Bugtraq ID: 94741

CVE ID: CVE-2016-7270
