Security and Quality Rollup for .NET Framework (May 2017)
Medium Nessus Plugin ID 100056
SynopsisThe remote Windows host has a software framework installed that is affected by a security feature bypass vulnerability.
DescriptionThe version of Microsoft .NET Framework installed on the remote Windows host is missing a security update. It is, therefore, affected by a security bypass vulnerability in the Microsoft .NET Framework and .NET Core components due to a failure to completely validate certificates. An unauthenticated, remote attacker can exploit this to present a certificate that is marked invalid for a specific use, but the component uses it for that purpose, resulting in a bypass of the Enhanced Key Usage taggings.
SolutionMicrosoft has released a set of patches for Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, and 4.7