Security Updates for Microsoft .NET Framework (September 2020)

low Nessus Plugin ID 140501

Language:

Synopsis

The Microsoft .NET Framework installation on the remote host is missing a security update.

Description

The Microsoft .NET Framework installation on the remote host is missing security updates. The security update addresses a potential abuse of ClickOnce to download applications from untrusted servers using NTLM authentication.

Solution

Microsoft has released security updates for Microsoft .NET Framework.

Plugin Details

Severity: Low

ID: 140501

File Name: smb_nt_ms20_sep_dotnet.nasl

Version: 1.1

Type: local

Agent: windows

Family: Windows : Microsoft Bulletins

Published: 9/11/2020

Updated: 9/11/2020

Supported Sensors: Nessus

Risk Information

CVSS Score Rationale: Score based on analysis of the vendor advisory.

CVSS v2

Risk Factor: Low

Base Score: 1.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: manual

CVSS v3

Risk Factor: Low

Base Score: 3.3

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Patch Publication Date: 9/8/2020

Vulnerability Publication Date: 9/8/2020

Reference Information

MSFT: MS20-4576478, MS20-4576479, MS20-4576480, MS20-4576481, MS20-4576482, MS20-4576483, MS20-4576484, MS20-4576485, MS20-4576486, MS20-4576487, MS20-4576488, MS20-4576489, MS20-4576490

MSKB: 4576478, 4576479, 4576480, 4576481, 4576482, 4576483, 4576484, 4576485, 4576486, 4576487, 4576488, 4576489, 4576490

Detections

Analytics