Security Updates for Microsoft .NET Framework (November 2022)

medium Nessus Plugin ID 167254


The Microsoft .NET Framework installation on the remote host is missing a security update.


The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by an information disclosure vulnerability in the System.Data.SqlClient and Microsoft.Data.SqlClient packages. A timeout occurring under high load can cause incorrect data to be returned as the result of an asynchronously executed query.


Microsoft has released security updates for Microsoft .NET Framework.

See Also

Plugin Details

Severity: Medium

ID: 167254

File Name: smb_nt_ms22_nov_dotnet.nasl

Version: 1.5

Type: local

Agent: windows

Published: 11/10/2022

Updated: 12/15/2022

Risk Information


Risk Factor: Medium

Score: 6.0


Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:A/AC:H/Au:S/C:C/I:N/A:N

CVSS Score Source: CVE-2022-41064


Risk Factor: Medium

Base Score: 5.8

Temporal Score: 5.1

Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:.net_framework

Required KB Items: SMB/MS_Bulletin_Checks/Possible

Exploit Ease: No known exploits are available

Patch Publication Date: 11/8/2022

Vulnerability Publication Date: 11/8/2022

Reference Information

CVE: CVE-2022-41064

MSKB: 5020606, 5020608, 5020609, 5020610, 5020611, 5020612, 5020613, 5020614, 5020615, 5020617, 5020618, 5020619, 5020620, 5020621, 5020622, 5020623, 5020624, 5020627, 5020628, 5020629, 5020630, 5020632

MSFT: MS22-5020606, MS22-5020608, MS22-5020609, MS22-5020610, MS22-5020611, MS22-5020612, MS22-5020613, MS22-5020614, MS22-5020615, MS22-5020617, MS22-5020618, MS22-5020619, MS22-5020620, MS22-5020621, MS22-5020622, MS22-5020623, MS22-5020624, MS22-5020627, MS22-5020628, MS22-5020629, MS22-5020630, MS22-5020632

IAVA: 2022-A-0477-S