Kaspersky LabKLA10659KLA10659 Multiple vulnerabilities in Microsoft .NET Framework
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.241 Low
EPSS
Percentile
96.5%
Detect date:
09/08/2015
Severity:
High
Description:
Multiple serious vulnerabilities have been found in .NET Framework. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions or gain privileges.
Affected products:
.NET Framework 2.0 Service Pack 2
.NET Framework 3.5, 3.5.1
.NET Framework 4, 4.5, 4.5.1, 4.5.2, 4.6
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
Impacts:
DoS
Related products:
CVE-IDS:
CVE-2015-25049.3Critical
CVE-2015-25265.0Critical
Microsoft official advisories:
KB list:
3074549
3074548
3074552
3074229
3074232
3074231
3074228
3074553
3089662
References
support.microsoft.com/kb/3074228
support.microsoft.com/kb/3074229
support.microsoft.com/kb/3074231
support.microsoft.com/kb/3074232
support.microsoft.com/kb/3074548
support.microsoft.com/kb/3074549
support.microsoft.com/kb/3074552
support.microsoft.com/kb/3074553
support.microsoft.com/kb/3089662
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2504
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2526
portal.msrc.microsoft.com/en-us/security-guidance
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2504
portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2015-2526
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-.NET-Framework/
Related
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.241 Low
EPSS
Percentile
96.5%