Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Vulnerabilities in .NET Framework Could Allow Elevation of Privilege

 

Systems Affected


Windows Vista
Windows Server 2008
Windows 7
Windows 8
Windows 8.1
Windows Server 2012
Windows RT
Windows 10

Threat Level


High


Overview


Revised bulletin (Originally posted: September 8, 2015) to announce a detection change for the 3074554 update for .NET Framework 4.6. This is an informational change only. Customers who have already successfully updated their systems do not need to take any action.


Description


This security update resolves vulnerabilities in Microsoft .NET Framework. The most severe of the vulnerabilities could allow elevation of privilege if a user runs a specially crafted .NET application. However, in all cases, an attacker would have no way to force users to run the application; an attacker would have to convince users to do so.

This security update is rated Important for Microsoft .NET Framework 2.0 Service Pack 2, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4, Microsoft .NET Framework 4.5, Microsoft .NET Framework 4.5.1, and Microsoft .NET Framework 4.5.2 on affected releases of Microsoft Windows. For more information, see the Affected Software section.


Impact



Solution/ Workarounds


Apply appropriate patches as mentioned in https://technet.microsoft.com/library/security/ms15-101.aspx


References


Security TechCenter


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.