Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
mskbMicrosoftKB5033917
HistoryMar 22, 2024 - 7:00 a.m.

January 9, 2024-KB5033917 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2

2024-03-2207:00:00
Microsoft
support.microsoft.com
8
microsoft server os
.net framework
security update
reliability improvement
version 23h2
cve-2023-36042
cve-2024-0056
cve-2024-0057
cve-2024-21312
remote code execution

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

JSON

January 9, 2024-KB5033917 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Microsoft server operating system, version 23H2

Release Date:
January 9, 2024 Version: ** .NET Framework 3.5 and 4.8.1**

The January 9, 2024 update for Microsoft server operating system, version 23H2 includes security and cumulative reliability improvements in .NET Framework 3.5 and 4.8.1. We recommend that you apply this update as part of your regular maintenance routines. Before you install this update, see the Prerequisites and Restart requirement sections.

Summary

Security Improvements CVE-2023-36042 – .NET Framework Denial of Service Vulnerability
This security update addresses a security feature bypass vulnerability detailed in CVE-2023-36042. CVE-2024-0056 – .NET Framework Security Feature Bypass Vulnerability
This security update addresses a security feature bypass vulnerability detailed in CVE-2024-0056 . CVE-2024-0057 – .NET Framework Security Feature Vulnerability
This security update addresses a elevation of privilege vulnerability detailed in CVE-2024-0057. CVE-2024-21312 – .NET Framework Denial of Service Vulnerability
This security update addresses a denial of service vulnerability detailed in CVE-2024-21312 . .NET Framework Remote Code Execution Vulnerability
This security update addresses a remote code execution vulnerability to HTTP .NET remoting server channel chain. Quality and Reliability ImprovementsThere are no new Quality and Reliability Improvements in this update.

Known issues in this update

Microsoft is not currently aware of any issues in this update.

How to get this update

Install this update****Release Channel Available Next Step
Windows Update and Microsoft Update Yes None. This update will be downloaded and installed automatically from Windows Update.
Windows Update for Business Yes None. This update will be downloaded and installed automatically from Windows Update.
Microsoft Update Catalog Yes To get the standalone package for this update, go to the Microsoft Update Catalog website.
Windows Server Update Services (WSUS) Yes This update will automatically sync with WSUS if you configure as follows: Product: Microsoft server operating system, version 23H2Classification: Security Updates File information For a list of the files that are provided in this update, download the file information for cumulative update.

Prerequisites

To apply this update, you must have .NET Framework 3.5 or 4.8.1 installed.

Restart requirement

You must restart the computer after you apply this update if any affected files are being used. We recommend that you exit all .NET Framework-based applications before you apply this update.

How to obtain help and support for this update

Related

mskb 20
openvas 10
nessus 37
kaspersky 4
almalinux 6
osv 16
rocky 3
redhat 7
oraclelinux 6
cve 5
redhatcve 4
cvelist 5
mscve 5
nvd 5
nuclei 1
prion 4
ubuntucve 2
cgr 1
redos 1
veracode 2
wolfi 1
alpinelinux 2
github 2
ibm 1
ubuntu 1
photon 3
thn 1
rapid7blog 2
mskb
mskb
January 9, 2024-KB5034272 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Azure Stack HCI, version 22H2
2024-03-22 07:00:00
January 9, 2024-KB5033920 Cumulative Update for .NET Framework 3.5 and 4.8.1 for Windows 11, version 22H2 and Windows 11, version 23H2
2024-03-22 07:00:00
January 9, 2024-KB5034276 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 11, version 21H2
2024-03-22 07:00:00
openvas
openvas
Microsoft .NET Framework Multiple Vulnerabilities (KB5034276)
2024-01-10 00:00:00
Microsoft .NET Framework Multiple Vulnerabilities (KB5033920)
2024-01-10 00:00:00
Microsoft .NET Framework Multiple Vulnerabilities (KB5034275)
2024-01-10 00:00:00
nessus
nessus
Security Updates for Microsoft .NET Framework (January 2024)
2024-01-10 00:00:00
Amazon Linux 2023 : aspnetcore-runtime-6.0, aspnetcore-targeting-pack-6.0, dotnet (ALAS2023-2024-489)
2024-01-23 00:00:00
AlmaLinux 8 : .NET 6.0 (ALSA-2024:0158)
2024-01-12 00:00:00
kaspersky
kaspersky
KLA62822 Multiple vulnerabilities in Microsoft Developer Tools
2024-01-09 00:00:00
KLA65276 OSI vulnerability in Microsoft Developer Tools
2024-03-22 00:00:00
KLA62825 SB vulnerability in Microsoft SQL Server
2024-01-09 00:00:00
almalinux
almalinux
Important: .NET 7.0 security update
2024-01-10 00:00:00
Important: .NET 7.0 security update
2024-01-10 00:00:00
Important: .NET 8.0 security update
2024-01-10 00:00:00
osv
osv
Important: .NET 8.0 security update
2024-01-10 00:00:00
Important: .NET 6.0 security update
2024-01-12 19:57:42
Important: .NET 6.0 security update
2024-01-10 00:00:00
rocky
rocky
.NET 6.0 security update
2024-01-12 19:57:42
.NET 8.0 security update
2024-01-12 19:57:42
.NET 7.0 security update
2024-01-12 19:57:42
redhat
redhat
(RHSA-2024:0150) Important: .NET 8.0 security update
2024-01-10 15:15:53
(RHSA-2024:0152) Important: .NET 8.0 security update
2024-01-10 15:18:52
(RHSA-2024:0255) Important: .NET 6.0 security, bug fix, and enhancement update
2024-01-15 15:30:34
oraclelinux
oraclelinux
.NET 7.0 security update
2024-01-17 00:00:00
.NET 6.0 security update
2024-01-16 00:00:00
.NET 8.0 security update
2024-01-17 00:00:00
cve
cve
CVE-2024-21312
2024-01-09 18:15:55
CVE-2024-29059
2024-03-23 00:15:09
CVE-2023-36042
2023-11-14 18:15:34
redhatcve
redhatcve
CVE-2024-21312
2024-01-10 15:06:42
CVE-2024-29059
2024-03-25 12:35:53
CVE-2024-0057
2024-01-10 04:00:43
cvelist
cvelist
CVE-2024-21312 .NET Framework Denial of Service Vulnerability
2024-01-09 17:57:10
CVE-2024-29059 .NET Framework Information Disclosure Vulnerability
2024-03-22 23:09:05
CVE-2023-36042 Visual Studio Denial of Service Vulnerability
2023-11-14 17:57:31
mscve
mscve
.NET Framework Denial of Service Vulnerability
2024-01-09 08:00:00
.NET Framework Information Disclosure Vulnerability
2024-03-22 07:00:00
Visual Studio Denial of Service Vulnerability
2023-11-14 08:00:00
nvd
nvd
CVE-2024-21312
2024-01-09 18:15:55
CVE-2024-29059
2024-03-23 00:15:09
CVE-2023-36042
2023-11-14 18:15:34
nuclei
nuclei
.NET Framework - Leaking ObjRefs via HTTP .NET Remoting
2024-03-28 13:17:52
prion
prion
Denial of service
2023-11-14 18:15:00
Denial of service
2024-01-09 18:15:00
Security feature bypass
2024-01-09 18:15:00
ubuntucve
ubuntucve
CVE-2024-0057
2024-01-09 00:00:00
CVE-2024-0056
2024-01-09 00:00:00
cgr
cgr
CVE-2024-0057 vulnerabilities
2024-05-19 03:07:16
redos
redos
ROS-20240418-02
2024-04-18 00:00:00
veracode
veracode
Protection Mechanism Failure
2024-01-30 18:59:03
Credential Exposure
2024-01-26 15:02:36
wolfi
wolfi
CVE-2024-0057 vulnerabilities
2024-06-25 03:08:26
alpinelinux
alpinelinux
CVE-2024-0057
2024-01-09 18:15:46
CVE-2024-0056
2024-01-09 18:15:46
github
github
NuGet Client Security Feature Bypass Vulnerability
2024-02-13 21:18:10
Microsoft.Data.SqlClient and System.Data.SqlClient vulnerable to SQL Data Provider Security Feature Bypass
2024-01-09 18:30:27
ibm
ibm
Security Bulletin: A vulnerability in Microsoft .NET Core affects IBM Robotic Process Automation and may result in a bypass of security restrictions (CVE-2024-0056)
2024-06-05 20:26:43
ubuntu
ubuntu
.NET vulnerabilities
2024-01-11 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2024-3.0-0717
2024-01-25 00:00:00
Critical Photon OS Security Update - PHSA-2024-5.0-0195
2024-01-25 00:00:00
Critical Photon OS Security Update - PHSA-2024-4.0-0556
2024-01-25 00:00:00
thn
thn
Microsoft's January 2024 Windows Update Patches 48 New Vulnerabilities
2024-01-10 05:26:00
rapid7blog
rapid7blog
Patch Tuesday - January 2024
2024-01-09 21:23:10
Patch Tuesday - November 2023
2023-11-14 21:27:09

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

JSON
Related for KB5033917
mskb20openvas10nessus37kaspersky4almalinux6osv16rocky3redhat7oraclelinux6cve5redhatcve4cvelist5mscve5nvd5nuclei1prion4ubuntucve2cgr1redos1veracode2wolfi1alpinelinux2github2ibm1ubuntu1photon3thn1rapid7blog2