Security Updates for Microsoft .NET Framework (September 2018)

Critical Nessus Plugin ID 117431

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.

VPR Score: 5.9

Synopsis

The Microsoft .NET Framework installation on the remote host is missing a security update.

Description

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability :

- A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. (CVE-2018-8421)

Solution

Microsoft has released security updates for Microsoft .NET Framework.

See Also

http://www.nessus.org/u?ad8ca318

http://www.nessus.org/u?fed37122

http://www.nessus.org/u?60a8394d

http://www.nessus.org/u?13887e06

http://www.nessus.org/u?db0b04e3

http://www.nessus.org/u?c1b632e4

http://www.nessus.org/u?a8e356c6

http://www.nessus.org/u?ba8fc7a2

http://www.nessus.org/u?f54e1cd2

http://www.nessus.org/u?49559bb8

http://www.nessus.org/u?dee71c23

http://www.nessus.org/u?ed0492e1

http://www.nessus.org/u?6d088a5e

http://www.nessus.org/u?8e9df1b4

http://www.nessus.org/u?db9cdb46

http://www.nessus.org/u?449d58e9

http://www.nessus.org/u?3cc1fccb

http://www.nessus.org/u?df971ee0

http://www.nessus.org/u?3ea99582

http://www.nessus.org/u?d4fb28dc

http://www.nessus.org/u?0e99f7d4

http://www.nessus.org/u?3dc3e58e

http://www.nessus.org/u?625cb458

http://www.nessus.org/u?77405e03

http://www.nessus.org/u?dd34e6e6

Plugin Details

Severity: Critical

ID: 117431

File Name: smb_nt_ms18_sep_dotnet.nasl

Version: 1.7

Type: local

Agent: windows

Published: 2018/09/12

Updated: 2019/11/01

Dependencies: 99364, 51351, 13855, 57033

Risk Information

Risk Factor: Critical

VPR Score: 5.9

CVSS Score Source: CVE-2018-8421

CVSS v2.0

Base Score: 10

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSS v3.0

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 2018/09/11

Vulnerability Publication Date: 2018/09/11

Reference Information

CVE: CVE-2018-8421

BID: 105222

MSKB: 4457035, 4457038, 4457033, 4457142, 4457030, 4457025, 4457027, 4457026, 4457043, 4457028, 4457128, 4457045, 4457044, 4457132, 4457131, 4457036, 4457037, 4457034, 4457053, 4457054, 4457055, 4457056, 4457138, 4457029, 4457042

MSFT: MS18-4457035, MS18-4457038, MS18-4457033, MS18-4457142, MS18-4457030, MS18-4457025, MS18-4457027, MS18-4457026, MS18-4457043, MS18-4457028, MS18-4457128, MS18-4457045, MS18-4457044, MS18-4457132, MS18-4457131, MS18-4457036, MS18-4457037, MS18-4457034, MS18-4457053, MS18-4457054, MS18-4457055, MS18-4457056, MS18-4457138, MS18-4457029, MS18-4457042