KLA10925Information Disclosure vulnerability in Microsoft .NET Framework 4.6.2

2016-12-13T00:00:00
ID KLA10925
Type kaspersky
Reporter Kaspersky Lab
Modified 2018-10-16T00:00:00

Description

CVSS:

5.0

Detect date:

12/13/2016

Severity:

Critical

Description:

Mishandling of a developer-supplied key was found in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server. By exploiting this vulnerability malicious users can obtain sensitive cleartext information. This vulnerability can be exploited remotely via leveraging key guessability.

Affected products:

Microsoft .NET Framework 4.6.2

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

https://technet.microsoft.com/library/security/ms16-155
CVE-2016-7270

Impacts:

OSI

Related products:

Microsoft .NET Framework

CVE-IDS:

CVE-2016-7270

Microsoft official advisories:

KB list:

3206632
3205640
3204801
3204802
3204805