Search...

Microsoft PowerShell Core DoS And Security Feature Bypass Vulnerabilities (Linux)

2018-01-30T00:00:00

ID OPENVAS:1361412562310812747
Type openvas
Reporter Copyright (C) 2018 Greenbone Networks GmbH
Modified 2019-05-17T00:00:00

Description

This host is missing an important security update for PowerShell Core according to Microsoft security update January 2018.

                                        
                                            ###############################################################################
# OpenVAS Vulnerability Test
#
# Microsoft PowerShell Core DoS And Security Feature Bypass Vulnerabilities (Linux)
#
# Authors:
# Rinu Kuriakose &lt;krinu@secpod.com&gt;
#
# Copyright:
# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################

CPE = "cpe:/a:microsoft:powershell";

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.812747");
  script_version("2019-05-17T10:45:27+0000");
  script_cve_id("CVE-2018-0764", "CVE-2018-0786");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_tag(name:"last_modification", value:"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)");
  script_tag(name:"creation_date", value:"2018-01-30 15:21:20 +0530 (Tue, 30 Jan 2018)");
  script_name("Microsoft PowerShell Core DoS And Security Feature Bypass Vulnerabilities (Linux)");

  script_tag(name:"summary", value:"This host is missing an important security
  update for PowerShell Core according to Microsoft security update January 2018.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Multiple flaws are due to,

  - An error in the open source versions of PowerShell Core when improper
    processing of XML documents by .NET Core occurs.

  - An error in the open source versions of PowerShell Core where an attacker
    could present a certificate that is marked invalid for a specific use,
    but a .NET Core component uses it for that purpose. This action disregards
    the Enhanced Key Usage tagging.");

  script_tag(name:"impact", value:"Successful exploitation will allow remote
  attackers to cause a denial of service to an application using PowerShell
  to process requests and also to bypass security.");

  script_tag(name:"affected", value:"PowerShell Core version 6.0.0 before 6.0.1");

  script_tag(name:"solution", value:"Update PowerShell Core to version 6.0.1 or
  later.");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"executable_version");
  script_xref(name:"URL", value:"https://github.com/PowerShell/Announcements/issues/2");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2018 Greenbone Networks GmbH");
  script_family("General");
  script_dependencies("gb_powershell_core_detect_lin.nasl");
  script_mandatory_keys("PowerShell/Linux/Ver");
  exit(0);
}

include("version_func.inc");
include("host_details.inc");

if(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);
psVer = infos['version'];
psPath = infos['location'];

if(psVer =~ "^(6\.0)" && version_is_less(version:psVer, test_version:"6.0.1"))
{
  report = report_fixed_ver(installed_version:psVer, fixed_version:"6.0.1", install_path:psPath);
  security_message(data:report);
  exit(0);
}
exit(0);

JSON Vulners Source

Initial Source

{"id": "OPENVAS:1361412562310812747", "type": "openvas", "bulletinFamily": "scanner", "title": "Microsoft PowerShell Core DoS And Security Feature Bypass Vulnerabilities (Linux)", "description": "This host is missing an important security\n update for PowerShell Core according to Microsoft security update January 2018.", "published": "2018-01-30T00:00:00", "modified": "2019-05-17T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812747", "reporter": "Copyright (C) 2018 Greenbone Networks GmbH", "references": ["https://github.com/PowerShell/Announcements/issues/2"], "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "lastseen": "2019-05-29T18:33:14", "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-0764", "CVE-2018-0786"]}, {"type": "symantec", "idList": ["SMNTC-102387", "SMNTC-102380"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310812625", "OPENVAS:1361412562310812709", "OPENVAS:1361412562310812626", "OPENVAS:1361412562310812727", "OPENVAS:1361412562310812745", "OPENVAS:1361412562310812724", "OPENVAS:1361412562310812627", "OPENVAS:1361412562310812713", "OPENVAS:1361412562310812703", "OPENVAS:1361412562310812628"]}, {"type": "mskb", "idList": ["KB4055266", "KB4055267", "KB4055271", "KB4055532", "KB4055265", "KB4055269", "KB4055270", "KB4055272"]}, {"type": "nessus", "idList": ["SMB_NT_MS18_JAN_DOTNET_CORE.NASL", "SMB_NT_MS18_JAN_4055266.NASL", "MACOSX_MS18_JAN_DOTNET_CORE.NASL", "REDHAT-RHSA-2018-0379.NASL"]}, {"type": "kaspersky", "idList": ["KLA11172"]}, {"type": "github", "idList": ["GHSA-RR3C-F55V-QHV5", "GHSA-JC8G-XHW5-6X46"]}, {"type": "redhat", "idList": ["RHSA-2018:0379"]}, {"type": "threatpost", "idList": ["THREATPOST:63188D8C89FE469962D4F460E46755BC"]}, {"type": "thn", "idList": ["THN:ED087560040A02BCB1F68DE406A7F577"]}, {"type": "talosblog", "idList": ["TALOSBLOG:EC1B279A70AF41A51CBB4EB4722EFA46"]}, {"type": "trendmicroblog", "idList": ["TRENDMICROBLOG:6A0454A8A4891A1004496709868EC034"]}], "modified": "2019-05-29T18:33:14", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2019-05-29T18:33:14", "rev": 2}, "vulnersScore": 6.9}, "pluginID": "1361412562310812747", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft PowerShell Core DoS And Security Feature Bypass Vulnerabilities (Linux)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:powershell\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812747\");\n script_version(\"2019-05-17T10:45:27+0000\");\n script_cve_id(\"CVE-2018-0764\", \"CVE-2018-0786\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-17 10:45:27 +0000 (Fri, 17 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-30 15:21:20 +0530 (Tue, 30 Jan 2018)\");\n script_name(\"Microsoft PowerShell Core DoS And Security Feature Bypass Vulnerabilities (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update for PowerShell Core according to Microsoft security update January 2018.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An error in the open source versions of PowerShell Core when improper\n processing of XML documents by .NET Core occurs.\n\n - An error in the open source versions of PowerShell Core where an attacker\n could present a certificate that is marked invalid for a specific use,\n but a .NET Core component uses it for that purpose. This action disregards\n the Enhanced Key Usage tagging.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service to an application using PowerShell\n to process requests and also to bypass security.\");\n\n script_tag(name:\"affected\", value:\"PowerShell Core version 6.0.0 before 6.0.1\");\n\n script_tag(name:\"solution\", value:\"Update PowerShell Core to version 6.0.1 or\n later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://github.com/PowerShell/Announcements/issues/2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_powershell_core_detect_lin.nasl\");\n script_mandatory_keys(\"PowerShell/Linux/Ver\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\npsVer = infos['version'];\npsPath = infos['location'];\n\nif(psVer =~ \"^(6\\.0)\" && version_is_less(version:psVer, test_version:\"6.0.1\"))\n{\n report = report_fixed_ver(installed_version:psVer, fixed_version:\"6.0.1\", install_path:psPath);\n security_message(data:report);\n exit(0);\n}\nexit(0);\n", "naslFamily": "General"}

{"cve": [{"lastseen": "2020-10-03T13:20:07", "description": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\"", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-10T01:29:00", "title": "CVE-2018-0786", "type": "cve", "cwe": ["CWE-295"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0786"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:microsoft:.net_core:1.0", "cpe:/a:microsoft:.net_framework:3.5.1", "cpe:/a:microsoft:powershell_core:6.0.0", "cpe:/a:microsoft:.net_framework:3.5", "cpe:/a:microsoft:.net_framework:4.6.1", "cpe:/a:microsoft:.net_framework:4.7", "cpe:/a:microsoft:.net_core:2.0", "cpe:/a:microsoft:.net_framework:2.0", "cpe:/a:microsoft:.net_framework:4.6.2", "cpe:/a:microsoft:.net_framework:4.5.2", "cpe:/a:microsoft:.net_framework:4.7.1", "cpe:/a:microsoft:.net_framework:3.0", "cpe:/a:microsoft:.net_framework:4.6"], "id": "CVE-2018-0786", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0786", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:powershell_core:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T13:20:07", "description": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-01-10T01:29:00", "title": "CVE-2018-0764", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-0764"], "modified": "2019-10-03T00:03:00", "cpe": ["cpe:/a:microsoft:.net_core:1.0", "cpe:/a:microsoft:.net_framework:3.5.1", "cpe:/a:microsoft:powershell_core:6.0.0", "cpe:/a:microsoft:.net_core:1.1", "cpe:/a:microsoft:.net_framework:3.5", "cpe:/a:microsoft:.net_framework:4.6.1", "cpe:/a:microsoft:.net_framework:4.7", "cpe:/a:microsoft:.net_core:2.0", "cpe:/a:microsoft:.net_framework:2.0", "cpe:/a:microsoft:.net_framework:4.6.2", "cpe:/a:microsoft:.net_framework:4.5.2", "cpe:/a:microsoft:.net_framework:4.7.1", "cpe:/a:microsoft:.net_framework:3.0", "cpe:/a:microsoft:.net_framework:4.6"], "id": "CVE-2018-0764", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0764", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:microsoft:.net_core:2.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_core:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:2.0:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:powershell_core:6.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*"]}], "symantec": [{"lastseen": "2018-03-13T10:05:44", "bulletinFamily": "software", "cvelist": ["CVE-2018-0786"], "description": "### Description\n\nMicrosoft .NET Framework is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may aid in further attacks.\n\n### Technologies Affected\n\n * Microsoft .NET Framework 2.0 \n * Microsoft .NET Framework 3.0 SP2 \n * Microsoft .NET Framework 3.5 \n * Microsoft .NET Framework 3.5.1 \n * Microsoft .NET Framework 4.5.2 \n * Microsoft .NET Framework 4.6 \n * Microsoft .NET Framework 4.6.1 \n * Microsoft .NET Framework 4.6.2 \n * Microsoft .NET Framework 4.7 \n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2008 R2 Datacenter SP1 \n * Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2008 for x64-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of exploits.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This includes but is not limited to unexplained incoming and outgoing traffic. This may indicate exploit attempts or activity that results from successful exploits.\n\n**Communicate sensitive information through secure means.** \nUse multiple layers of encryption when communicating sensitive information between a client and a server. This will reduce the chance of a successful exploit.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2018-01-09T00:00:00", "published": "2018-01-09T00:00:00", "id": "SMNTC-102380", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102380", "type": "symantec", "title": "Microsoft .NET Framework CVE-2018-0786 Security Bypass Vulnerability", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}, {"lastseen": "2018-03-14T22:40:35", "bulletinFamily": "software", "cvelist": ["CVE-2018-0764"], "description": "### Description\n\nMicrosoft .NET Framework is prone to a remote denial-of-service vulnerability. An attacker can exploit this issue to cause a denial of service condition.\n\n### Technologies Affected\n\n * Microsoft .NET Framework 2.0 SP2 \n * Microsoft .NET Framework 3.0 SP2 \n * Microsoft .NET Framework 3.5 \n * Microsoft .NET Framework 3.5.1 \n * Microsoft .NET Framework 4.5.2 \n * Microsoft .NET Framework 4.6 \n * Microsoft .NET Framework 4.6.1 \n * Microsoft .NET Framework 4.6.2 \n * Microsoft .NET Framework 4.7 \n * Microsoft PowerShell Core 6.0.0 \n * Microsoft Windows 10 Version 1607 for 32-bit Systems \n * Microsoft Windows 10 Version 1607 for x64-based Systems \n * Microsoft Windows 10 for 32-bit Systems \n * Microsoft Windows 10 for x64-based Systems \n * Microsoft Windows 10 version 1511 for 32-bit Systems \n * Microsoft Windows 10 version 1511 for x64-based Systems \n * Microsoft Windows 10 version 1703 for 32-bit Systems \n * Microsoft Windows 10 version 1703 for x64-based Systems \n * Microsoft Windows 7 for 32-bit Systems SP1 \n * Microsoft Windows 7 for x64-based Systems SP1 \n * Microsoft Windows 8.1 for 32-bit Systems \n * Microsoft Windows 8.1 for x64-based Systems \n * Microsoft Windows RT 8.1 \n * Microsoft Windows Server 2008 R2 for x64-based Systems SP1 \n * Microsoft Windows Server 2008 for 32-bit Systems SP2 \n * Microsoft Windows Server 2008 for Itanium-based Systems SP2 \n * Microsoft Windows Server 2012 \n * Microsoft Windows Server 2012 R2 \n * Microsoft Windows Server 2016 \n\n### Recommendations\n\n**Block external access at the network boundary, unless external parties require service.** \nIf global access isn't needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of anomalous or suspicious activity. This may indicate exploit attempts or activity that results from successful exploits.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "modified": "2018-01-09T00:00:00", "published": "2018-01-09T00:00:00", "id": "SMNTC-102387", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/102387", "type": "symantec", "title": "Microsoft .NET Framework CVE-2018-0764 Remote Denial of Service Vulnerability", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "openvas": [{"lastseen": "2020-06-08T23:06:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "description": "This host is missing an important security\n update according to Microsoft KB4054996", "modified": "2020-06-04T00:00:00", "published": "2018-01-10T00:00:00", "id": "OPENVAS:1361412562310812628", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812628", "type": "openvas", "title": "Microsoft .NET Framework 3.0 And 2.0 SP2 Multiple Vulnerabilities (KB4054996)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft .NET Framework 3.0 And 2.0 SP2 Multiple Vulnerabilities (KB4054996)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812628\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0764\", \"CVE-2018-0786\");\n script_bugtraq_id(102387, 102380);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 14:43:54 +0530 (Wed, 10 Jan 2018)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft .NET Framework 3.0 And 2.0 SP2 Multiple Vulnerabilities (KB4054996)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4054996\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error when .NET, and .NET core, improperly process XML documents.\n\n - An error when Microsoft .NET Framework (and .NET Core) components do not\n completely validate certificates.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass certain security restrictions and conduct a denial-of-service\n condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft .NET Framework 3.0 Service Pack 2 on Microsoft Windows Server 2008\n\n - Microsoft .NET Framework 2.0 Service Pack 2 on Microsoft Windows Server 2008\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4054996\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008:3, win2008x64:3) <= 0){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\ASP.NET\\\";\nif(!registry_key_exists(key:key)){\n exit(0);\n}\n\nforeach item (registry_enum_keys(key:key))\n{\n path = registry_get_sz(key:key + item, item:\"Path\");\n if(path && \"\\Microsoft.NET\\Framework\" >< path)\n {\n dllVer = fetch_file_version(sysPath:path, file_name:\"System.Xml.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"2.0.50727.5700\", test_version2:\"2.0.50727.8772\"))\n {\n report = report_fixed_ver(file_checked:path + \"\\system.xml.dll\",\n file_version:dllVer, vulnerable_range:\"2.0.50727.5700 - 2.0.50727.8772\");\n security_message(data:report);\n exit(0);\n }\n }\n }\n}\nexit(99);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-07-17T14:13:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "description": "This host is missing an important security\n update for PowerShell Core according to Microsoft security update January 2018.", "modified": "2019-07-16T00:00:00", "published": "2018-01-30T00:00:00", "id": "OPENVAS:1361412562310812745", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812745", "type": "openvas", "title": "Microsoft PowerShell Core DoS And Security Feature Bypass Vulnerabilities (MacOSX)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft PowerShell Core DoS And Security Feature Bypass Vulnerabilities (MacOSX)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:microsoft:powershell\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812745\");\n script_version(\"2019-07-16T15:57:25+0000\");\n script_cve_id(\"CVE-2018-0764\", \"CVE-2018-0786\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-07-16 15:57:25 +0000 (Tue, 16 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-30 15:21:20 +0530 (Tue, 30 Jan 2018)\");\n script_name(\"Microsoft PowerShell Core DoS And Security Feature Bypass Vulnerabilities (MacOSX)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update for PowerShell Core according to Microsoft security update January 2018.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - An error in the open source versions of PowerShell Core when improper\n processing of XML documents by .NET Core occurs.\n\n - An error in the open source versions of PowerShell Core where an attacker\n could present a certificate that is marked invalid for a specific use,\n but a .NET Core component uses it for that purpose. This action disregards\n the Enhanced Key Usage tagging.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service to an application using PowerShell\n to process requests and also to bypass security.\");\n\n script_tag(name:\"affected\", value:\"PowerShell Core version 6.0.0 before 6.0.1\");\n\n script_tag(name:\"solution\", value:\"Update PowerShell Core to version 6.0.1 or\n later.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://github.com/PowerShell/Announcements/issues/2\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Mac OS X Local Security Checks\");\n script_dependencies(\"gb_powershell_core_detect_macosx.nasl\");\n script_mandatory_keys(\"PowerShell/MacOSX/Version\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\ninclude(\"host_details.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE))\n exit(0);\n\nvers = infos['version'];\npath = infos['location'];\n\nif(vers =~ \"^6\\.0\" && version_is_less(version:vers, test_version:\"6.0.1\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"6.0.1\", install_path:path);\n security_message(data:report);\n exit(0);\n}\n\nexit(99);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-08T23:06:03", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "description": "This host is missing a critical security\n update according to Microsoft Security Updates KB4055002.", "modified": "2020-06-04T00:00:00", "published": "2018-01-10T00:00:00", "id": "OPENVAS:1361412562310812713", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812713", "type": "openvas", "title": "Microsoft .NET Framework Denial Of Service And Security Feature Bypass Vulnerabilities (KB4055002)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft .NET Framework Denial Of Service And Security Feature Bypass Vulnerabilities (KB4055002)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812713\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0764\", \"CVE-2018-0786\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 13:15:49 +0530 (Wed, 10 Jan 2018)\");\n script_name(\"Microsoft .NET Framework Denial Of Service And Security Feature Bypass Vulnerabilities (KB4055002)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Security Updates KB4055002.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - .NET Framework (and .NET Core) components do not completely validate\n certificates.\n\n - .NET, and .NET core, improperly process XML documents.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker who successfully exploited this vulnerability to cause a denial\n of service against a .NET application and also to bypass security.\");\n\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4055002\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008:3, win2008x64:3, win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\ASP.NET\\\";\nif(!registry_key_exists(key:key)){\n exit(0);\n}\n\nforeach item (registry_enum_keys(key:key))\n{\n dotPath = registry_get_sz(key:key + item, item:\"Path\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n sysdllVer = fetch_file_version(sysPath:dotPath, file_name:\"system.runtime.remoting.dll\");\n if(!sysdllVer){\n exit(0);\n }\n\n ## .NET Framework 4.6 for Windows Server 2008 32-bit/x64 based Systems Service Pack 2\n ## .NET Framework 4.6/4.6.1/4.6.2/4.7 for Windows 7/Windows Server 2008 R2\n if(version_in_range(version:sysdllVer, test_version:\"4.6\", test_version2:\"4.7.2116\"))\n {\n report = 'File checked: ' + dotPath + \"system.runtime.remoting.dll\" + '\\n' +\n 'File version: ' + sysdllVer + '\\n' +\n 'Vulnerable range: 4.6 - 4.7.2116\\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-08T23:06:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "description": "This host is missing a critical security\n update according to Microsoft Security Updates KB4054995.", "modified": "2020-06-04T00:00:00", "published": "2018-01-10T00:00:00", "id": "OPENVAS:1361412562310812709", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812709", "type": "openvas", "title": "Microsoft .NET Framework Security Feature Bypass And DoS Vulnerabilities (KB4054995)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft .NET Framework Security Feature Bypass And DoS Vulnerabilities (KB4054995)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812709\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0764\", \"CVE-2018-0786\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 11:53:08 +0530 (Wed, 10 Jan 2018)\");\n script_name(\"Microsoft .NET Framework Security Feature Bypass And DoS Vulnerabilities (KB4054995)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Security Updates KB4054995.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - .NET, and .NET core, improperly process XML documents.\n\n - Microsoft .NET Framework (and .NET Core) components do not completely\n validate certificates.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker who successfully exploited this vulnerability to cause a denial\n of service against a .NET application and also to bypass security.\");\n\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 4.5.2.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4054995\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2008:3, win2008x64:3, win2008r2:2, win7:2, win7x64:2) <= 0){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\ASP.NET\\\";\nif(!registry_key_exists(key:key)){\n exit(0);\n}\n\nforeach item (registry_enum_keys(key:key))\n{\n dotPath = registry_get_sz(key:key + item, item:\"Path\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n sysdllVer = fetch_file_version(sysPath:dotPath, file_name:\"system.runtime.remoting.dll\");\n if(!sysdllVer){\n exit(0);\n }\n\n if(version_in_range(version:sysdllVer, test_version:\"4.0.30319.30000\", test_version2:\"4.0.30319.36414\"))\n {\n report = 'File checked: ' + dotPath + \"\\system.runtime.remoting.dll\" + '\\n' +\n 'File version: ' + sysdllVer + '\\n' +\n 'Vulnerable range: 4.0.30319.30000 - 4.0.30319.36414\\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-08T23:06:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "description": "This host is missing an important security\n update according to Microsoft Security Updates KB4054999.", "modified": "2020-06-04T00:00:00", "published": "2018-01-10T00:00:00", "id": "OPENVAS:1361412562310812725", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812725", "type": "openvas", "title": "Microsoft .NET Framework DoS And Security Feature Bypass Vulnerability (KB4054999)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft .NET Framework DoS And Security Feature Bypass Vulnerability (KB4054999)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812725\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0764\", \"CVE-2018-0786\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 10:03:51 +0530 (Wed, 10 Jan 2018)\");\n script_name(\"Microsoft .NET Framework DoS And Security Feature Bypass Vulnerability (KB4054999)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft Security Updates KB4054999.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - .NET Framework (and .NET Core) components do not completely validate\n certificates.\n\n - .NET, and .NET core, improperly process XML documents.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service against a .NET application and also\n to bypass cetain security restrictions.\");\n\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 3.5.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4054999\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\ASP.NET\\\";\nif(!registry_key_exists(key:key)){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\.NETFramework\\AssemblyFolders\\v3.0\";\nif(!registry_key_exists(key:key)){\n exit(0);\n}\n\npath = registry_get_sz(key:key , item:\"All Assemblies In\");\nif(path){\n dllVer = fetch_file_version(sysPath:path, file_name:\"system.servicemodel.resources.dll\");\n}\n\nif(dllVer)\n{\n if(version_in_range(version:dllVer, test_version:\"3.0\", test_version2:\"3.0.4506.7902\"))\n {\n report = report_fixed_ver(file_checked:path + \"system.servicemodel.resources.dll\", file_version:dllVer,\n vulnerable_range:\"3.0 - 3.0.4506.7902\");\n security_message(data:report);\n exit(0);\n }\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-08T23:06:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "description": "This host is missing an important security\n update according to Microsoft KB4054994", "modified": "2020-06-04T00:00:00", "published": "2018-01-10T00:00:00", "id": "OPENVAS:1361412562310812625", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812625", "type": "openvas", "title": "Microsoft .NET Framework 4.5.2 Multiple Vulnerabilities (KB4054994)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft .NET Framework 4.5.2 Multiple Vulnerabilities (KB4054994)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812625\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0764\", \"CVE-2018-0786\");\n script_bugtraq_id(102387, 102380);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 14:13:54 +0530 (Wed, 10 Jan 2018)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft .NET Framework 4.5.2 Multiple Vulnerabilities (KB4054994)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4054994\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error when .NET, and .NET core, improperly process XML documents.\n\n - An error when Microsoft .NET Framework (and .NET Core) components do not\n completely validate certificates.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass certain security restrictions and conduct a denial-of-service\n condition.\");\n\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 4.5.2 on Microsoft Windows Server 2012.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4054994\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012:1) <= 0){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\ASP.NET\\\";\nif(!registry_key_exists(key:key)){\n exit(0);\n}\n\nforeach item (registry_enum_keys(key:key))\n{\n path = registry_get_sz(key:key + item, item:\"Path\");\n if(path && \"\\Microsoft.NET\\Framework\" >< path)\n {\n dllVer = fetch_file_version(sysPath:path, file_name:\"System.Xml.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"4.0.30319.30000\", test_version2:\"4.0.30319.36426\"))\n {\n report = report_fixed_ver(file_checked:path + \"\\system.xml.dll\",\n file_version:dllVer, vulnerable_range:\"4.0.30319.30000 - 4.0.30319.36426\");\n security_message(data:report);\n exit(0);\n }\n }\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-08T13:29:06", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "description": "This host is missing a critical security\n update according to Microsoft Security Updates KB4055000.", "modified": "2019-12-20T00:00:00", "published": "2018-01-10T00:00:00", "id": "OPENVAS:1361412562310812703", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812703", "type": "openvas", "title": "Microsoft .NET Framework DoS And Security Feature Bypas Vulnerability (KB4055000)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft .NET Framework DoS And Security Feature Bypas Vulnerability (KB4055000)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812703\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2018-0764\", \"CVE-2018-0786\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 10:03:51 +0530 (Wed, 10 Jan 2018)\");\n script_name(\"Microsoft .NET Framework DoS And Security Feature Bypas Vulnerability (KB4055000)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft Security Updates KB4055000.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - .NET Framework (and .NET Core) components do not completely validate\n certificates.\n\n - .NET, and .NET core, improperly process XML documents.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service against a .NET application and also\n to bypass cetain security restrictions.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft .NET Framework 4.6\n\n - Microsoft .NET Framework 4.6.1\n\n - Microsoft .NET Framework 4.6.2\n\n - Microsoft .NET Framework 4.7\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4055000\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012:1) <= 0){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\ASP.NET\\\";\nif(!registry_key_exists(key:key)){\n exit(0);\n}\n\nkey2 = \"SOFTWARE\\Microsoft\\.NETFramework\\AssemblyFolders\\\";\nforeach item (registry_enum_keys(key:key2))\n{\n path = registry_get_sz(key:key2 + item, item:\"All Assemblies In\");\n if(path)\n {\n dllVer = fetch_file_version(sysPath:path, file_name:\"system.identitymodel.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"4.6\", test_version2:\"4.7.2611\"))\n {\n report = 'File checked: ' + path + \"\\system.identitymodel.dll\" + '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: 4.6 - 4.7.2611\\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n }\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-08T23:06:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "description": "This host is missing an important security\n update according to Microsoft KB4054993", "modified": "2020-06-04T00:00:00", "published": "2018-01-10T00:00:00", "id": "OPENVAS:1361412562310812626", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812626", "type": "openvas", "title": "Microsoft .NET Framework 4.5.2 Multiple Vulnerabilities (KB4054993)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft .NET Framework 4.5.2 Multiple Vulnerabilities (KB4054993)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812626\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0764\", \"CVE-2018-0786\");\n script_bugtraq_id(102387, 102380);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 14:26:54 +0530 (Wed, 10 Jan 2018)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft .NET Framework 4.5.2 Multiple Vulnerabilities (KB4054993)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4054993\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error when .NET, and .NET core, improperly process XML documents.\n\n - An error when Microsoft .NET Framework (and .NET Core) components do not\n completely validate certificates.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass certain security restrictions and conduct a denial-of-service\n condition.\");\n\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 4.5.2 on Microsoft Windows Server 2012 R2 and Microsoft Windows 8.1.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4054993\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\ASP.NET\\\";\nif(!registry_key_exists(key:key)){\n exit(0);\n}\n\nforeach item (registry_enum_keys(key:key))\n{\n path = registry_get_sz(key:key + item, item:\"Path\");\n if(path && \"\\Microsoft.NET\\Framework\" >< path)\n {\n dllVer = fetch_file_version(sysPath:path, file_name:\"System.Xml.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"4.0.30319.30000\", test_version2:\"4.0.30319.36426\"))\n {\n report = report_fixed_ver(file_checked:path + \"\\system.xml.dll\",\n file_version:dllVer, vulnerable_range:\"4.0.30319.30000 - 4.0.30319.36426\");\n security_message(data:report);\n exit(0);\n }\n }\n }\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-06-08T23:06:12", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "description": "This host is missing an important security\n update according to Microsoft KB4054997", "modified": "2020-06-04T00:00:00", "published": "2018-01-10T00:00:00", "id": "OPENVAS:1361412562310812627", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812627", "type": "openvas", "title": "Microsoft .NET Framework 3.5 Multiple Vulnerabilities (KB4054997)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft .NET Framework 3.5 Multiple Vulnerabilities (KB4054997)\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812627\");\n script_version(\"2020-06-04T11:13:22+0000\");\n script_cve_id(\"CVE-2018-0764\", \"CVE-2018-0786\");\n script_bugtraq_id(102387, 102380);\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 11:13:22 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 14:33:54 +0530 (Wed, 10 Jan 2018)\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_name(\"Microsoft .NET Framework 3.5 Multiple Vulnerabilities (KB4054997)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4054997\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - An error when .NET, and .NET core, improperly process XML documents.\n\n - An error when Microsoft .NET Framework (and .NET Core) components do not\n completely validate certificates.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to bypass certain security restrictions and conduct a denial-of-service\n condition.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft .NET Framework 3.5\n\n - Microsoft Windows Server 2012\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4054997\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2012:1) <= 0){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\ASP.NET\\\";\nif(!registry_key_exists(key:key)){\n exit(0);\n}\n\nforeach item (registry_enum_keys(key:key))\n{\n path = registry_get_sz(key:key + item, item:\"Path\");\n if(path && \"\\Microsoft.NET\\Framework\" >< path)\n {\n dllVer = fetch_file_version(sysPath:path, file_name:\"System.Xml.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"2.0.50727.5700\", test_version2:\"2.0.50727.8772\"))\n {\n report = report_fixed_ver(file_checked:path + \"\\system.xml.dll\",\n file_version:dllVer, vulnerable_range:\"2.0.50727.5700 - 2.0.50727.8772\");\n security_message(data:report);\n exit(0);\n }\n }\n }\n}\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-08T13:28:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "description": "This host is missing an important security\n update according to Microsoft Security Updates KB4055001.", "modified": "2019-12-20T00:00:00", "published": "2018-01-10T00:00:00", "id": "OPENVAS:1361412562310812724", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310812724", "type": "openvas", "title": "Microsoft .NET Framework DoS And Security Feature Bypass Vulnerability (KB4055001)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Microsoft .NET Framework DoS And Security Feature Bypass Vulnerability (KB4055001)\n#\n# Authors:\n# Rinu Kuriakose <krinu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.812724\");\n script_version(\"2019-12-20T10:24:46+0000\");\n script_cve_id(\"CVE-2018-0764\", \"CVE-2018-0786\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-20 10:24:46 +0000 (Fri, 20 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-01-10 10:03:51 +0530 (Wed, 10 Jan 2018)\");\n script_name(\"Microsoft .NET Framework DoS And Security Feature Bypass Vulnerability (KB4055001)\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft Security Updates KB4055001.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to,\n\n - .NET Framework (and .NET Core) components do not completely validate\n certificates.\n\n - .NET, and .NET core, improperly process XML documents.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote\n attackers to cause a denial of service against a .NET application and also\n to bypass cetain security restrictions.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft .NET Framework 4.6\n\n - Microsoft .NET Framework 4.6.1\n\n - Microsoft .NET Framework 4.6.2\n\n - Microsoft .NET Framework 4.7\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4055001\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\ASP.NET\\\";\nif(!registry_key_exists(key:key)){\n exit(0);\n}\n\nkey2 = \"SOFTWARE\\Microsoft\\.NETFramework\\AssemblyFolders\\\";\nforeach item (registry_enum_keys(key:key2))\n{\n path = registry_get_sz(key:key2 + item, item:\"All Assemblies In\");\n if(path)\n {\n dllVer = fetch_file_version(sysPath:path, file_name:\"system.identitymodel.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"4.6\", test_version2:\"4.7.2611\"))\n {\n report = 'File checked: ' + path + \"\\system.identitymodel.dll\" + '\\n' +\n 'File version: ' + dllVer + '\\n' +\n 'Vulnerable range: 4.6 - 4.7.2611\\n' ;\n security_message(data:report);\n exit(0);\n }\n }\n }\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "mskb": [{"lastseen": "2021-01-01T22:41:26", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "description": "<html><body>Resolves a security feature bypass vulnerability and a denial of service vulnerability in .NET Framework and .NET Core components.<h2></h2><div class=\"alert-band\"><div class=\"alert alert-warning\" role=\"alert\">Notice<div class=\"row\"><div class=\"col-xs-24\">On\u00a0January 18, 2018, update\u00a04055532 was re-released to include an update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4074880). Update 4074880 replaces update 4055002 for this configuration, and prevents the\u00a0issue that is described in the following Knowledge\u00a0Base\u00a0article: \u00a0<a data-content-id=\"4074906\" data-content-type=\"article\" href=\"\" managed-link=\"\" target=\"_blank\">4074906</a>\u00a0- \"TypeInitializationException\" or \"FileFormatException\" error in WPF applications that request fallback fonts after you install the January 9, 2018, .NET Security and Quality Rollup (KB4055002) </div></div></div></div><h2></h2>This update has been released as part of the January 2018 Security and Quality Rollup\u00a0for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1.<h2>Important</h2>If you have not been offered this security update, you may be running incompatible antivirus software, and you should contact the software vendor. We are working closely with antivirus software partners to make sure that all customers receive the January Windows security updates as soon as possible. For more information, go to <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software\" target=\"\">Important: Windows security updates released January 3, 2018, and antivirus software</a>. Also, see\u00a0the <a bookmark-id=\"additional\" href=\"#additional\" managed-link=\"\">\"Additional information about this security update\"</a> section in\u00a0this article. <h2>Summary</h2>This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and .NET Core components do not completely validate certificates. This security update addresses the vulnerability by helping to make sure that .NET Framework and .NET Core components completely validate certificates. To learn more about this vulnerability, see <a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2018-0786\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0786</a>.Additionally, this security update resolves a denial of service vulnerability that exists when .NET Framework and .NET Core components improperly process XML documents. This update addresses the vulnerability by correcting how .NET Framework and .NET Core component applications handle XML document processing. To learn more about this vulnerability, see <a data-content-id=\"\" data-content-type=\"\" href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2018-0764\" target=\"\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0764</a>.<h2></h2>Important<ul><li>All updates for .NET Framework 4.6, 4.6.1, 4.6.2,\u00a04.7, and 4.7.1 require that the\u00a0d3dcompiler_47.dll is installed. We recommend that you install the included d3dcompiler_47.dll before you apply\u00a0this update. For more information about the d3dcompiler_47.dll, see\u00a0<a aria-live=\"rude\" data-bi-name=\"content-anchor-link\" data-content-id=\"4019990\" data-content-type=\"article\" href=\"https://support.microsoft.com/en-us/help/4019990\" managed-link=\"\" tabindex=\"0\">KB 4019990</a>.</li><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/en-us/library/hh825699\" managed-link=\"\" target=\"_blank\">Add language packs to Windows</a>.</li></ul><h2>Additional information about this security update</h2><ul><li>Enhanced Key Usage (EKU) is described in <a href=\"https://tools.ietf.org/html/rfc5280#section-4.2.1.12\">section 4.2.1.12 of RFC 5280</a>. This extension indicates one or more purposes for which the certified\u00a0public key may be used\u00a0in addition to or instead of the basic purposes that are indicated in the key usage extension. For example, a certificate that is used for the authentication of a client to a server must be configured for Client Authentication. Similarly, a certificate that is used for the authentication of a server must be configured for Server Authentication. This update changes this process so that the certificate chain validation fails if the root certificate is disabled. This is in addition to requiring\u00a0the appropriate client or server EKU on certificates. If certificates are used for authentication, the authenticator examines the certificate that is provided by the remote endpoint and looks for the correct purpose object identifier in Application Policies extensions. If a certificate is used for client authentication, the object identifier for Client Authentication must be present in the EKU extensions of the certificate, or authentication fails. The object identifier for Client Authentication is 1.3.6.1.5.5.7.3.2.\u00a0Likewise, when a certificate is used for server authentication, the object identifier for Server Authentication must be present in the EKU extensions of the certificate, or authentication fails. The object identifier for Server Authentication is 1.3.6.1.5.5.7.3.1. Certificates that have no EKU extension continue to authenticate correctly. Consider making changes to your component\u2019s certificates to make sure that they are using the correct EKU OID attributes and are secured correctly. If you temporarily cannot access correctly reissued certificates, you can choose to opt in or out of the security change to avoid any connectivity effects. To do this, specify the following appsetting value in the configuration file:<pre><appSettings> <add key=\"wcf:useLegacyCertificateUsagePolicy\" value=\"true\" /></appSettings></pre>Note Setting the value to \u201ctrue\u201d will opt out of the security changes.</li><li>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information. \u00a0<ul class=\"indent-1\"><li><a data-content-id=\"4074880\" data-content-type=\"article\" href=\"\" managed-link=\"\">4074880</a>\u00a0Description of the Security and Quality Rollup for\u00a0.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4074880)</li><li><a data-content-id=\"4054995\" data-content-type=\"article\" href=\"\" managed-link=\"\">4054995</a>\u00a0Description of the Security and Quality Rollup for .NET Framework 4.5.2 for Windows 7 SP1, Server 2008 R2 SP1, and Server 2008 SP2 (KB 4054995)</li><li><a data-content-id=\"4054998\" data-content-type=\"article\" href=\"\" managed-link=\"\">4054998</a>\u00a0Description of the Security and Quality Rollup for\u00a0.NET Framework 3.5.1 for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4054998)</li></ul></li><li>Windows 10, Windows 8.1, Windows Server 2012 R2,\u00a0and Windows Server 2016 customersWe recommend that all customers protect their devices by running\u00a0compatible and supported antivirus software. Customers can take advantage of built-in antivirus protection, Windows Defender Antivirus, for Windows 8.1 and Windows 10 devices or a compatible third-party antivirus application. The antivirus software must set a registry key as described in the \"Setting the registry key\" section in this article\u00a0to receive the January 2018 security updates.</li><li>Windows 7 SP1 and Windows Server 2008 R2 SP1 customersA default installation of Windows 7 SP1 or Windows Server 2008 R2 SP1\u00a0will not have an antivirus application installed. <a href=\"https://support.microsoft.com/en-us/help/14210/security-essentials-download\">In these situations, we recommend installing a compatible and supported antivirus application such as Microsoft Security Essentials or a third-party antivirus application. </a>The antivirus software must set a registry key as described in the \"Setting the registry key\" section\u00a0for you to receive the January 2018 security updates.</li><li>Customers without antivirusIf you cannot install or run antivirus software, we recommend manually setting the registry key as described in the \"Setting the registry key\" section\u00a0to receive the January 2018 security updates.</li><li>Setting the registry keyCaution Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, see the \"Changing keys and values\" help topic in Registry Editor or see the \"Add and delete information in the registry\" and \"Edit registry data\" help topics in Regedt32.exe.Note\u00a0You will not receive the January 2018 security updates (or any successive security updates) and will not be protected from security vulnerabilities unless your antivirus software sets the following registry key:Key=\"HKEY_LOCAL_MACHINE\" Subkey=\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\" Value=\"cadca5fe-87d3-4b96-b7fb-a231484277cc\" Type=\"REG_DWORD\u201d Data=\"0x00000000\u201d</li></ul><h2>How to obtain help and support for this security update</h2><ul><li>Help for installing updates: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"_blank\">Windows Update FAQ</a></li><li>Security solutions for IT professionals: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/security/bb980617.aspx\" managed-link=\"\" target=\"_blank\">TechNet Security Support and Troubleshooting</a></li><li>Help for protecting your Windows-based products and services from viruses and malware: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" managed-link=\"\" target=\"_blank\">Microsoft Secure</a></li><li>Local support according to your country: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com\" managed-link=\"\" target=\"_blank\">International Support</a></li></ul></body></html>", "edition": 8, "modified": "2018-01-20T01:24:34", "id": "KB4055532", "href": "https://support.microsoft.com/en-us/help/4055532/", "published": "2018-01-20T01:24:34", "title": "Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows 7 SP1 and Server 2008 R2 SP1 (KB 4055532)", "type": "mskb", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T22:41:00", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "description": "<html><body>Resolves a security feature bypass vulnerability and a denial of service vulnerability in .NET Framework and .NET core components.<h2></h2><div class=\"kb-summary-section section\">\ufeff\ufeff<a bookmark-id=\"appliestoproducts\" data-content-id=\"\" data-content-type=\"\" href=\"#appliestoproducts\" managed-link=\"\" target=\"\">View products that this article applies to.</a>\ufeff\ufeff </div><h2>Important</h2>If you have not been offered this security update, you may be running incompatible antivirus software, and you should contact the software vendor. We are working closely with antivirus software partners to make sure that all customers receive the January Windows security updates as soon as possible. For more information, go to <a href=\"https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software\">https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software</a>, and see the \"Additional information about this security update\" section of this article. <h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and .NET Core components do not completely validate certificates. This security update addresses the vulnerability by helping to make sure that .NET Framework and .NET Core components completely validate certificates. To learn more about this vulnerability, see <a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2018-0786\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0786</a>.Additionally, this security update resolves a denial of service vulnerability that exists when .NET Framework and .NET core components improperly process XML documents. This update addresses the vulnerability by correcting how .NET Framework and .NET Core component applications handle XML document processing. To learn more about this vulnerability, see <a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2018-0764\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0764</a>.</div><h2></h2>Important<ul><li>All updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 require that the d3dcompiler_47.dll be installed. We recommend that you install the included d3dcompiler_47.dll before you apply this update. For more information about the d3dcompiler_47.dll, see <a href=\"https://support.microsoft.com/en-us/help/4019990\">KB 4019990</a>.</li><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/en-us/library/hh825699\" managed-link=\"\" target=\"_blank\">Add language packs to Windows</a>.</li></ul><h2>Additional information about this security update</h2><ul><li>Enhanced Key Usage (EKU) is described in <a href=\"https://tools.ietf.org/html/rfc5280#section-4.2.1.12\">RFC 5280 in section 4.2.1.12</a>. This extension indicates one or more purposes for which the certified public key may be used, in addition to or instead of the basic purposes that are indicated in the key usage extension. For example, a certificate that is used for the authentication of a client to a server must be configured for Client Authentication. Similarly, a certificate that is used for the authentication of a server must be configured for Server Authentication. With this change, besides requiring the appropriate client/server EKU on certificates, if the root certificate is disabled, the certificate chain validation fails. When certificates are used for authentication, the authenticator examines the certificate that is provided by the remote endpoint and seeks the correct purpose object identifier in Application Policies extensions. When a certificate is used for client authentication, the object identifier for Client Authentication must be present in the EKU extensions of the certificate, or authentication fails. The object identifier for Client Authentication is 1.3.6.1.5.5.7.3.2. Likewise, when a certificate is used for server authentication, the object identifier for Server Authentication must be present in the EKU extensions of the certificate, or authentication fails. The object identifier for Server Authentication is 1.3.6.1.5.5.7.3.1. Certificates that have no EKU extension continue to authenticate correctly. First, consider making changes to your component\u2019s certificates to make sure that they are using the correct EKU OID attributes and are secured correctly. If you temporarily cannot access correctly reissued certificates, you can choose to opt in or out of the security change to avoid any connectivity effects. To do this, specify the following appsetting in the configuration file:<pre><appSettings> <add key=\"wcf:useLegacyCertificateUsagePolicy\" value=\"true\" /></appSettings></pre>Note Setting the value to \u201ctrue\u201d will opt out of the security changes.</li><li>The following articles contain additional information about this security\u00a0update as it relates to individual product versions.<ul class=\"indent-1\"><li><a data-content-id=\"4054175\" data-content-type=\"article\" href=\"\" managed-link=\"\">4054175</a>\u00a0Description of the Security Only update for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 (KB 4054175)</li><li><a data-content-id=\"4054171\" data-content-type=\"article\" href=\"\" managed-link=\"\">4054171</a>\u00a0Description of the Security Only update for .NET Framework 4.5.2 for Windows Server 2012 (KB 4054171)</li><li><a data-content-id=\"4054181\" data-content-type=\"article\" href=\"\" managed-link=\"\">4054181</a>\u00a0Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 (KB 4054181)</li></ul></li><li>Windows 10, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 customersWe recommend that all customers protect their devices by running compatible and supported antivirus software. Customers can take advantage of built-in antivirus protection, Windows Defender Antivirus, for Windows 8.1 and Windows 10 devices, or a compatible third-party antivirus application. The antivirus software must set a registry key as described in \"Setting the Registry Key,\" below,\u00a0for you to receive the January 2018 security updates.</li><li>Windows 7 SP1 and Windows Server 2008 R2 SP1 CustomersIn a default installation of Windows 7 SP1 or Windows Server 2008 R2 SP1, customers do not have an antivirus application installed. <a href=\"https://support.microsoft.com/en-us/help/14210/security-essentials-download\">In these situations, we recommend installing a compatible and supported antivirus application such as Microsoft Security Essentials or a third-party antivirus application. </a>\u00a0The antivirus software must set a registry key as described in \"Setting the Registry Key,\" below,\u00a0for you to receive the January 2018 security updates.</li><li>Customers without antivirusIf customers cannot install or run antivirus software, we recommend manually setting the registry key as described in \"Setting the Registry Key,\" below, so that you can receive the January 2018 security updates.</li><li>Setting the registry keyCaution Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the \"Changing keys and values\" help topic in Registry Editor or view the \"Add and delete information in the registry\" and \"Edit registry data\" help topics in Regedt32.exe.Note\u00a0Customers will not receive the January 2018 security updates (or any successive security updates) and will not be protected from security vulnerabilities unless their antivirus software sets the following registry key:Key=\"HKEY_LOCAL_MACHINE\" Subkey=\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\" Value=\"cadca5fe-87d3-4b96-b7fb-a231484277cc\" Type=\"REG_DWORD\u201d Data=\"0x00000000\u201d</li></ul><h2>How to obtain help and support for this security update</h2><ul><li>Help for installing updates: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"_blank\">Windows Update FAQ</a></li><li>Security solutions for IT professionals: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/security/bb980617.aspx\" managed-link=\"\" target=\"_blank\">TechNet Security Support and Troubleshooting</a></li><li>Help for protecting your Windows-based products and services from viruses and malware: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" managed-link=\"\" target=\"_blank\">Microsoft Secure</a></li><li>Local support according to your country: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com\" managed-link=\"\" target=\"_blank\">International Support</a></li></ul><h2>Applies to</h2><div>\ufeffThis article applies to the following:</div><ul><li>Microsoft .NET Framework 3.5 Service Pack 1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 and 4.7.1\u00a0when used with:<ul><li>Windows Server 2012</li></ul></li></ul><div>\u00a0</div></body></html>", "edition": 3, "modified": "2018-01-20T01:24:34", "id": "KB4055270", "href": "https://support.microsoft.com/en-us/help/4055270/", "published": "2018-01-20T01:24:34", "title": "Security Only update for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 and 4.7.1 updates for Windows Server 2012 (KB 4055270)", "type": "mskb", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T22:45:27", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "description": "<html><body>Resolves a security feature bypass vulnerability and a Denial of Service vulnerability in .NET Framework and .NET core components.<h2></h2><div class=\"kb-summary-section section\">\ufeff\ufeff<a bookmark-id=\"appliestoproducts\" data-content-id=\"\" data-content-type=\"\" href=\"#appliestoproducts\" managed-link=\"\" target=\"\">View products that this article applies to.</a>\ufeff\ufeff </div><h2>Important</h2>If you have not been offered this security update, you may be running incompatible antivirus software, and you should contact the software vendor. We are working closely with antivirus software partners to make sure that all customers receive the January Windows security updates as soon as possible. For more information, go to <a href=\"https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software\">https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software</a>, and see the \"Additional information about this security update\" section of this article. <h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and .NET Core components do not completely validate certificates. This security update addresses the vulnerability by helping to make sure that .NET Framework and .NET Core components completely validate certificates. To learn more about this vulnerability, see <a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2018-0786\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0786</a>.Additionally, this security update resolves a Denial of Service vulnerability that exists when .NET Framework and .NET core components improperly process XML documents. This update addresses the vulnerability by correcting how .NET Framework and .NET Core component applications handle XML document processing. To learn more about this vulnerability, see <a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2018-0764\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0764</a>.</div><h2></h2>Important<ul><li>All updates for .NET Framework 4.6 for Windows Server 2008 require that the d3dcompiler_47.dll update\u00a0be installed. We recommend that you install the included d3dcompiler_47.dll update before you apply this update. For more information about the d3dcompiler_47.dll update, see <a href=\"https://support.microsoft.com/en-us/help/4019478\">KB 4019478</a>.</li><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/en-us/library/hh825699\" managed-link=\"\" target=\"_blank\">Add language packs to Windows</a>.</li></ul><h2>Additional information about this security update</h2><ul><li>Enhanced Key Usage (EKU) is described in <a href=\"https://tools.ietf.org/html/rfc5280#section-4.2.1.12\">RFC 5280 in section 4.2.1.12</a>. This extension indicates one or more purposes for which the certified public key may be used, in addition to or instead of the basic purposes that are indicated in the key usage extension. For example, a certificate that is used for the authentication of a client to a server must be configured for Client Authentication. Similarly, a certificate that is used for the authentication of a server must be configured for Server Authentication. With this change, besides requiring the appropriate client/server EKU on certificates, if the root certificate is disabled, the certificate chain validation will fail. When certificates are used for authentication, the authenticator examines the certificate that is provided by the remote endpoint and seeks the correct purpose object identifier in Application Policies extensions. When a certificate is used for client authentication, the object identifier for Client Authentication must be present in the EKU extensions of the certificate, or authentication fails. The object identifier for Client Authentication is 1.3.6.1.5.5.7.3.2. Likewise, when a certificate is used for server authentication, the object identifier for Server Authentication must be present in the EKU extensions of the certificate, or authentication fails. The object identifier for Server Authentication is 1.3.6.1.5.5.7.3.1. Certificates that have no EKU extension continue to authenticate correctly. First, consider making changes to your component\u2019s certificates to make sure that they are using the correct EKU OID attributes and are secured correctly. If you temporarily cannot access correctly reissued certificates, you can choose to opt in or out of the security change to avoid any connectivity effects. To do this, specify the following appsetting in the configuration file:<pre><appSettings> <add key=\"wcf:useLegacyCertificateUsagePolicy\" value=\"true\" /></appSettings></pre>Note Setting the value to \u201ctrue\u201d will opt out of the security changes.</li><li>The following articles contain additional information about this security\u00a0update as it relates to individual product versions.<ul class=\"indent-1\"><li><a data-content-id=\"4054174\" data-content-type=\"article\" href=\"\" managed-link=\"\">4054174</a>\u00a0Description of the Security Only update for .NET Framework 2.0 SP2 and 3.0 SP2 for Windows Server 2008 SP2 (KB 4054174)</li><li><a data-content-id=\"4054172\" data-content-type=\"article\" href=\"\" managed-link=\"\">4054172</a>\u00a0Description of the Security Only update for .NET Framework 4.5.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4054172)</li><li><a data-content-id=\"4054183\" data-content-type=\"article\" href=\"\" managed-link=\"\">4054183</a>\u00a0Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4054183)</li></ul></li><li>Windows 10, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 customersWe recommend that all customers protect their devices by running compatible and supported antivirus software. Customers can take advantage of built-in antivirus protection, Windows Defender Antivirus, for Windows 8.1 and Windows 10 devices, or use a compatible third-party antivirus application. The antivirus software must set a registry key as described in \"Setting the Registry Key,\" below, for you to receive the January 2018 security updates.</li><li>Windows 7 SP1 and Windows Server 2008 R2 SP1 customersIn a default installation of Windows 7 SP1 or Windows Server 2008 R2 SP1, customers do not have an antivirus application installed. <a href=\"https://support.microsoft.com/en-us/help/14210/security-essentials-download\">In these situations, we recommend installing a compatible and supported antivirus application such as Microsoft Security Essentials or a third-party antivirus application. </a>The antivirus software must set a registry key as described in \"Setting the Registry Key,\" below, for you\u00a0to receive the January 2018 security updates.</li><li>Customers without antivirusIf customers cannot install or run antivirus software, we recommend manually setting the registry key as described in \"Setting the Registry Key,\" below for you\u00a0to receive the January 2018 security updates.</li><li>Setting the Registry KeyCaution Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the \"Changing keys and values\" help topic in Registry Editor or view the \"Add and delete information in the registry\" and \"Edit registry data\" help topics in Regedt32.exe.Note\u00a0Customers will not receive the January 2018 security updates (or any successive security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key:Key=\"HKEY_LOCAL_MACHINE\" Subkey=\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\" Value=\"cadca5fe-87d3-4b96-b7fb-a231484277cc\" Type=\"REG_DWORD\u201d Data=\"0x00000000\u201d</li></ul><h2>How to obtain help and support for this security update</h2><ul><li>Help for installing updates: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"_blank\">Windows Update FAQ</a></li><li>Security solutions for IT professionals: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/security/bb980617.aspx\" managed-link=\"\" target=\"_blank\">TechNet Security Support and Troubleshooting</a></li><li>Help for protecting your Windows-based products and services from viruses and malware: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" managed-link=\"\" target=\"_blank\">Microsoft Secure</a></li><li>Local support according to your country: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com\" managed-link=\"\" target=\"_blank\">International Support</a></li></ul><h2>Applies to</h2><div>\ufeffThis article applies to the following:</div><ul><li>Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 4.5.2, and 4.6 when used with:<ul><li>Windows Server 2008 Service Pack 2</li></ul></li></ul><div>\u00a0</div></body></html>", "edition": 3, "modified": "2018-01-20T01:24:34", "id": "KB4055272", "href": "https://support.microsoft.com/en-us/help/4055272/", "published": "2018-01-20T01:24:34", "title": "Security Only update for .NET Framework 2.0 SP2, 3.0 SP2, 4.5.2, and 4.6 updates for Windows Server 2008 SP2 (KB 4055272)", "type": "mskb", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T22:43:04", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "description": "<html><body>Resolves a security feature bypass vulnerability and a denial of service vulnerability in .NET Framework and .NET core.<h2>Notice</h2>This update has been released as part of the January 2018 Security and Quality\u00a0Rollup\u00a0for .NET Framework 2.0 SP2, 3.0 SP2, 4.5.2, and 4.6 for Windows Server 2008 SP2.<h2>Important</h2>If you have not been offered this security update, you may be running incompatible antivirus software, and you should contact the software vendor. We are working closely with antivirus software partners to make sure that all customers receive the January Windows security updates as soon as possible. For more information, go to <a href=\"https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software\">https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software</a>. Also,\u00a0see the <a bookmark-id=\"additional\" href=\"#additional\" managed-link=\"\">\"Additional information about this security update\"</a> section in\u00a0this article.<h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and .NET Core components do not completely validate certificates. This security update addresses the vulnerability by helping to make sure that .NET Framework and .NET Core components completely validate certificates. To learn more about this vulnerability, see <a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2018-0786\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0786</a>.Additionally, this security update resolves a denial of service vulnerability that exists when .NET Framework and .NET Core components process XML documents incorrectly. This update addresses the vulnerability by correcting how .NET Framework and .NET Core component applications handle XML document processing. To learn more about this vulnerability, see <a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2018-0764\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0764</a>.</div><h2></h2>Important<ul><li>All updates for .NET Framework 4.6 for Windows Server 2008 SP2 require that the d3dcompiler_47.dll update be installed. We recommend that you install the included d3dcompiler_47.dll update before you apply this update. For more information about the d3dcompiler_47.dll update, see <a href=\"https://support.microsoft.com/en-us/help/4019478\">KB 4019478</a>.</li><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/en-us/library/hh825699\" managed-link=\"\" target=\"_blank\">Add language packs to Windows</a>.</li></ul><h2>Additional information about this security update</h2><ul><li>Enhanced Key Usage (EKU) is described in <a href=\"https://tools.ietf.org/html/rfc5280#section-4.2.1.12\">RFC 5280 in section 4.2.1.12</a>. This extension indicates one or more purposes for which the certified\u00a0public key may be used. This is\u00a0in addition to or instead of the basic purposes that are indicated in the key usage extension. For example, a certificate that is used for the authentication of a client to a server must be configured for Client Authentication. Similarly, a certificate that is used for the authentication of a server must be configured for Server Authentication. This update changes this process so that the certificate chain validation fails if the root certificate is disabled. This is in addition to requiring\u00a0the appropriate client or server EKU on certificates. If certificates are used for authentication, the authenticator examines the certificate that is provided by the remote endpoint and looks for the correct purpose object identifier in Application Policies extensions. If a certificate is used for client authentication, the object identifier for Client Authentication must be present in the EKU extensions of the certificate. Otherwise,\u00a0authentication fails. The object identifier for Client Authentication is 1.3.6.1.5.5.7.3.2.\u00a0Likewise, when a certificate is used for server authentication, the object identifier for Server Authentication must be present in the EKU extensions of the certificate, or authentication fails. The object identifier for Server Authentication is 1.3.6.1.5.5.7.3.1. Certificates that have no EKU extension continue to authenticate correctly. Consider making changes to your component\u2019s certificates to make sure that they are using the correct EKU OID attributes and are secured correctly. If you temporarily cannot access correctly reissued certificates, you can choose to opt in or out of the security change to avoid any connectivity effects. To do this, specify the following appsettings value change in the configuration file:<pre><appSettings> <add key=\"wcf:useLegacyCertificateUsagePolicy\" value=\"true\" /></appSettings></pre> Note Setting the value to \u201ctrue\u201d opts out of the security changes.</li><li>The following articles contain more information about this security update as it relates to individual product versions. The articles may contain known issue information. \u00a0<ul class=\"indent-1\"><li><a data-content-id=\"4055002\" data-content-type=\"article\" href=\"\" managed-link=\"\">4055002</a>\u00a0Description of the Security and Quality Rollup for .NET Framework 4.6 on Windows Server 2008 SP2 (KB 4055002)</li><li><a data-content-id=\"4054995\" data-content-type=\"article\" href=\"\" managed-link=\"\">4054995</a>\u00a0Description of the Security and Quality Rollup for\u00a0.NET Framework 4.5.2 for Windows 7 SP1, Server 2008 R2 SP1, and Server 2008 SP2 (KB 4054995)</li><li><a data-content-id=\"4054996\" data-content-type=\"article\" href=\"\" managed-link=\"\">4054996</a>\u00a0Description of the Security and Quality Rollup for\u00a0.NET Framework 2.0 SP2 and 3.0 SP2 for Windows Server 2008 SP2 (KB 4054996)</li></ul></li><li>Windows 10, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 customersWe recommend that all customers protect their devices by running\u00a0compatible and supported antivirus software. Customers can take advantage of built-in antivirus protection, Windows Defender Antivirus\u00a0for Windows 8.1 and Windows 10 devices, or a compatible third-party antivirus application. The antivirus software must set a registry key as described in the \"Setting the registry key\" section in this article to receive the January 2018 security updates.</li><li>Windows 7 SP1 and Windows Server 2008 R2 SP1 customersIn a default installation of Windows 7 SP1 or Windows Server 2008 R2 SP1, customers do not have an antivirus application installed. <a href=\"https://support.microsoft.com/en-us/help/14210/security-essentials-download\">In these situations, we recommend installing a compatible and supported antivirus application such as Microsoft Security Essentials or a third-party antivirus application. </a>\u00a0The antivirus software must set a registry key as described in the \"Setting the registry key\" section\u00a0for you to receive the January 2018 security updates.</li><li>Customers without antivirusIf you cannot install or run antivirus software, we recommend that you manually set\u00a0the registry key as described in the \"Setting the registry key\" section to receive the January 2018 security updates.</li><li>Setting the registry keyCaution Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, see the \"Changing keys and values\" help topic in Registry Editor or see the \"Add and delete information in the registry\" and \"Edit registry data\" help topics in Regedt32.exe.Important\u00a0You will not receive the January 2018 security updates or any later security updates\u00a0and you will not be protected from security vulnerabilities unless your antivirus software sets the following\u00a0registry key:Key=\"HKEY_LOCAL_MACHINE\" Subkey=\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\" Value=\"cadca5fe-87d3-4b96-b7fb-a231484277cc\" Type=\"REG_DWORD\u201d Data=\"0x00000000\u201d</li></ul><h2>How to obtain help and support for this security update</h2><ul><li>Help for installing updates: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"_blank\">Windows Update FAQ</a></li><li>Security solutions for IT professionals: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/security/bb980617.aspx\" managed-link=\"\" target=\"_blank\">TechNet Security Support and Troubleshooting</a></li><li>Help for protecting your Windows-based products and services from viruses and malware: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" managed-link=\"\" target=\"_blank\">Microsoft Secure</a></li><li>Local support according to your country: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com\" managed-link=\"\" target=\"_blank\">International Support</a></li></ul></body></html>", "edition": 8, "modified": "2018-01-20T01:24:34", "id": "KB4055267", "href": "https://support.microsoft.com/en-us/help/4055267/", "published": "2018-01-20T01:24:34", "title": "Security and Quality Rollup for .NET Framework 2.0 SP2, 3.0 SP2, 4.5.2 and 4.6 updates for Windows Server 2008 SP2 (KB 4055267)", "type": "mskb", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T22:38:02", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "description": "<html><body>Resolves a security feature bypass vulnerability and a Denial of Service vulnerability in .NET Framework and .NET core components.<h2></h2><div class=\"kb-summary-section section\">\ufeff\ufeff<a bookmark-id=\"appliestoproducts\" data-content-id=\"\" data-content-type=\"\" href=\"#appliestoproducts\" managed-link=\"\" target=\"\">View products that this article applies to.</a>\ufeff\ufeff </div><h2>Important</h2>If you have not been offered this security update, you may be running incompatible antivirus software, and you should contact the software vendor. We are working closely with antivirus software partners to make sure that all customers receive the January Windows security updates as soon as possible. For more information, go to <a href=\"https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software\">https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software</a> and see the \"Additional information about this security update\" section of this article. <h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and .NET Core components do not completely validate certificates. This security update addresses the vulnerability by helping to make sure that .NET Framework and .NET Core components completely validate certificates. To learn more about this vulnerability, see <a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2018-0786\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0786</a>.Additionally, this security update resolves a Denial of Service vulnerability that exists when .NET Framework and .NET core components improperly process XML documents. This update addresses the vulnerability by correcting how .NET Framework and .NET Core component applications handle XML document processing. To learn more about this vulnerability, see <a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2018-0764\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0764</a>.</div><h2></h2>Important<ul><li>All updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require that update <a href=\"https://support.microsoft.com/en-us/help/2919355\" target=\"_self\">KB 2919355</a> be installed. We recommend that you install update <a href=\"https://support.microsoft.com/en-us/help/2919355\" target=\"_self\">KB 2919355</a> on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive updates in the future.</li><li>All updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 require that the d3dcompiler_47.dll be installed. We recommend that you install the included d3dcompiler_47.dll before you apply this update. For more information about the d3dcompiler_47.dll, see <a href=\"https://support.microsoft.com/en-us/help/4019990\">KB 4019990</a>.</li><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/en-us/library/hh825699\" managed-link=\"\" target=\"_blank\">Add language packs to Windows</a>.</li></ul><h2>Additional information about this security update</h2><ul><li>Enhanced Key Usage (EKU) is described in <a href=\"https://tools.ietf.org/html/rfc5280#section-4.2.1.12\">RFC 5280 in section 4.2.1.12</a>. This extension indicates one or more purposes for which the certified public key may be used, in addition to or instead of the basic purposes that are indicated in the key usage extension. For example, a certificate that is used for the authentication of a client to a server must be configured for Client Authentication. Similarly, a certificate that is used for the authentication of a server must be configured for Server Authentication. With this change, besides requiring the appropriate client/server EKU on certificates, if the root certificate is disabled, the certificate chain validation will fail. When certificates are used for authentication, the authenticator examines the certificate that is provided by the remote endpoint and seeks the correct purpose object identifier in Application Policies extensions. When a certificate is used for client authentication, the object identifier for Client Authentication must be present in the EKU extensions of the certificate, or authentication fails. The object identifier for Client Authentication is 1.3.6.1.5.5.7.3.2. Likewise, when a certificate is used for server authentication, the object identifier for Server Authentication must be present in the EKU extensions of the certificate, or authentication fails. The object identifier for Server Authentication is 1.3.6.1.5.5.7.3.1. Certificates that have no EKU extension continue to authenticate correctly. First, consider making changes to your component\u2019s certificates to make sure that they are using the correct EKU OID attributes and are secured correctly. If you temporarily cannot access correctly reissued certificates, you can choose to opt in or out of the security change to avoid any connectivity effects. To do this, specify the following appsetting in the configuration file:<pre><appSettings> <add key=\"wcf:useLegacyCertificateUsagePolicy\" value=\"true\" /></appSettings></pre>Note Setting the value to \u201ctrue\u201d will opt out of the security changes.</li><li>The following articles contain additional information about this security\u00a0update as it relates to individual product versions.<ul class=\"indent-1\"><li><a data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4054177\" managed-link=\"\" target=\"\">4054177</a>\u00a0Description of the Security Only update for .NET Framework 3.5 SP1 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB 4054177)</li><li><a data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4054170\" managed-link=\"\" target=\"\">4054170</a>\u00a0Description of the Security Only update for .NET Framework 4.5.2 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB 4054170)</li><li><a data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com/kb/4054182\" managed-link=\"\" target=\"\">4054182</a>\u00a0Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB 4054182)</li></ul></li><li>Windows 10, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 customersWe recommend that all customers protect their devices by running compatible and supported antivirus software. Customers can take advantage of built-in antivirus protection, Windows Defender Antivirus, for Windows 8.1 and Windows 10 devices, or a compatible third-party antivirus application. The antivirus software must set a registry key as described in \"Setting the Registry Key,\" below,\u00a0to receive the January 2018 security updates.</li><li>Windows 7 SP1 and Windows Server 2008 R2 SP1 customersIn a default installation of Windows 7 SP1 or Windows Server 2008 R2 SP1, customers do not have an antivirus application installed. <a href=\"https://support.microsoft.com/en-us/help/14210/security-essentials-download\">In these situations, we recommend installing a compatible and supported antivirus application such as Microsoft Security Essentials or a third-party antivirus application. </a>The antivirus software must set a registry key as described in \"Setting the Registry Key,\" below, in order to receive the January 2018 security updates.</li><li>Customers without antivirus softwareIf customers cannot install or run antivirus software, we recommend manually setting the registry key as described in\u00a0\"Setting the Registry Key,\" below,\u00a0to receive the January 2018 security updates.</li><li>Setting the Registry KeyCaution Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the \"Changing keys and values\" help topic in Registry Editor or view the \"Add and delete information in the registry\" and \"Edit registry data\" help topics in Regedt32.exe.Note\u00a0Customers will not receive the January 2018 security updates (or any successive security updates) and will not be protected from security vulnerabilities unless their antivirus software sets the following registry key:Key=\"HKEY_LOCAL_MACHINE\" Subkey=\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\" Value=\"cadca5fe-87d3-4b96-b7fb-a231484277cc\" Type=\"REG_DWORD\u201d Data=\"0x00000000\u201d</li></ul><h2>How to obtain help and support for this security update</h2><ul><li>Help for installing updates: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"_blank\">Windows Update FAQ</a></li><li>Security solutions for IT professionals: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/security/bb980617.aspx\" managed-link=\"\" target=\"_blank\">TechNet Security Support and Troubleshooting</a></li><li>Help for protecting your Windows-based products and services from viruses and malware: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" managed-link=\"\" target=\"_blank\">Microsoft Secure</a></li><li>Local support according to your country: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com\" managed-link=\"\" target=\"_blank\">International Support</a></li></ul><h2>Applies to</h2><div>\ufeffThis article applies to the following:</div><ul><li>Microsoft .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1\u00a0 when used with:<ul><li>Windows Server 2012 R2</li><li>Windows RT 8.1</li><li>Windows 8.1</li></ul></li></ul><div>\u00a0</div></body></html>", "edition": 3, "modified": "2018-04-11T19:31:19", "id": "KB4055271", "href": "https://support.microsoft.com/en-us/help/4055271/", "published": "2018-04-11T19:31:19", "title": "Security Only update for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (KB 4055271)", "type": "mskb", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T22:50:51", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "description": "<html><body>Resolves a security feature bypass vulnerability and a denial of service vulnerability in .NET Framework and .NET core components.<h2>Notice</h2>This update has been released as part of the January 2018 Preview of the Quality Rollups for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 (<a data-content-id=\"4057271\" data-content-type=\"article\" href=\"\" managed-link=\"\">KB 4057271</a>).<h2>Important</h2>If you have not been offered this security update, you may be running incompatible antivirus software, and you should contact the software vendor. We are working closely with antivirus software partners to make sure that all customers receive the January Windows security updates as soon as possible. For more information, go to <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software\" target=\"\">Important: Windows security updates released January 3, 2018, and antivirus software</a>, and see the \"Additional information about this security update\" section of this article. <h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and .NET Core components do not completely validate certificates. This security update addresses the vulnerability by helping to make sure that .NET Framework and .NET Core components completely validate certificates. To learn more about this vulnerability, see <a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2018-0786\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0786</a>.Additionally, this security update resolves a denial of service vulnerability that exists when .NET Framework and .NET core components improperly process XML documents. This update addresses the vulnerability by correcting how .NET Framework and .NET Core component applications handle XML document processing. To learn more about this vulnerability, see <a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2018-0764\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0764</a>.</div><h2></h2>Important<ul><li>All updates for .NET Framework 4.6, 4.6.1, 4.6.2,\u00a04.7, and 4.7.1 require that the\u00a0d3dcompiler_47.dll is installed. We recommend that you install the included d3dcompiler_47.dll before you apply\u00a0this update. For more information about the d3dcompiler_47.dll, see\u00a0<a aria-live=\"rude\" data-bi-name=\"content-anchor-link\" data-content-id=\"4019990\" data-content-type=\"article\" href=\"https://support.microsoft.com/en-us/help/4019990\" managed-link=\"\" tabindex=\"0\">KB 4019990</a>.</li><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/en-us/library/hh825699\" managed-link=\"\" target=\"_blank\">Add language packs to Windows</a>.</li></ul><h2>Additional information about this security update</h2><ul><li>Enhanced Key Usage (EKU) is described in <a href=\"https://tools.ietf.org/html/rfc5280#section-4.2.1.12\">RFC 5280 in section 4.2.1.12</a>. This extension indicates one or more purposes for which the certified\u00a0public key may be used\u00a0in addition to or instead of the basic purposes that are indicated in the key usage extension. For example, a certificate that is used for the authentication of a client to a server must be configured for Client Authentication. Similarly, a certificate that is used for the authentication of a server must be configured for Server Authentication. With this change, besides requiring the appropriate client/server EKU on certificates, if the root certificate is disabled, the certificate chain validation\u00a0fails. When certificates are used for authentication, the authenticator examines the certificate that is provided by the remote endpoint and seeks the correct purpose object identifier in Application Policies extensions. When a certificate is used for client authentication, the object identifier for Client Authentication must be present in the EKU extensions of the certificate, or authentication fails. The object identifier for Client Authentication is 1.3.6.1.5.5.7.3.2.\u00a0Likewise, when a certificate is used for server authentication, the object identifier for Server Authentication must be present in the EKU extensions of the certificate, or authentication fails. The object identifier for Server Authentication is 1.3.6.1.5.5.7.3.1. Certificates that have no EKU extension continue to authenticate correctly. First, consider making changes to your component\u2019s certificates to make sure that they are using the correct EKU OID attributes and are secured correctly. If you temporarily cannot access correctly reissued certificates, you can choose to opt in or out of the security change to avoid any connectivity effects. To do this, specify the following appsetting in the configuration file:<pre><appSettings> <add key=\"wcf:useLegacyCertificateUsagePolicy\" value=\"true\" /></appSettings></pre>Note Setting the value to \u201ctrue\u201d will opt out of the security changes.</li><li>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information.<ul class=\"indent-1\"><li><a data-content-id=\"4055000\" data-content-type=\"article\" href=\"\" managed-link=\"\">4055000</a>\u00a0Description of the Security and Quality Rollup for the .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows Server 2012 (KB 4055000)</li><li><a data-content-id=\"4054994\" data-content-type=\"article\" href=\"\" managed-link=\"\">4054994</a>\u00a0Description of the Security and Quality Rollup for the .NET Framework 4.5.2 for Windows Server 2012 (KB 4054994)</li><li><a data-content-id=\"4054997\" data-content-type=\"article\" href=\"\" managed-link=\"\">4054997</a>\u00a0Description of the Security and Quality Rollup for the .NET Framework 3.5 SP1 for Windows Server 2012 (KB 4054997)</li></ul></li><li>Windows 10, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 customersWe recommend that all customers protect their devices by running\u00a0compatible and supported antivirus software. Customers can take advantage of built-in antivirus protection, Windows Defender Antivirus, for Windows 8.1 and Windows 10 devices or a compatible third-party antivirus application. The antivirus software must set a registry key as described in \"Setting the registry key,\" below, for you to receive the January 2018 security updates.</li><li>Windows 7 SP1 and Windows Server 2008 R2 SP1 customersA default installation of Windows 7 SP1 or Windows Server 2008 R2 SP1\u00a0does not have an antivirus application installed. <a href=\"https://support.microsoft.com/en-us/help/14210/security-essentials-download\">In these situations, we recommend installing a compatible and supported antivirus application such as Microsoft Security Essentials or a third-party antivirus application. </a>The antivirus software must set a registry key as described in \"Setting the registry key,\" below, for you to receive the January 2018 security updates.</li><li>Customers without antivirusIf you cannot install or run antivirus software, we recommend manually setting the registry key as described in \"Setting the registry key,\" below, for you to receive the January 2018 security updates.</li><li>Setting the registry keyCaution Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the \"Changing keys and values\" help topic in Registry Editor or view the \"Add and delete information in the registry\" and \"Edit registry data\" help topics in Regedt32.exe.Note\u00a0You will not receive the January 2018 security updates (or any successive security updates) and will not be protected from security vulnerabilities unless your antivirus software\u00a0sets the following registry key:Key=\"HKEY_LOCAL_MACHINE\" Subkey=\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\" Value=\"cadca5fe-87d3-4b96-b7fb-a231484277cc\" Type=\"REG_DWORD\u201d Data=\"0x00000000\u201d</li></ul><h2>How to obtain help and support for this security update</h2><ul><li>Help for installing updates: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"_blank\">Windows Update FAQ</a></li><li>Security solutions for IT professionals: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/security/bb980617.aspx\" managed-link=\"\" target=\"_blank\">TechNet Security Support and Troubleshooting</a></li><li>Help for protecting your Windows-based products and services from viruses and malware: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" managed-link=\"\" target=\"_blank\">Microsoft Secure</a></li><li>Local support according to your country: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com\" managed-link=\"\" target=\"_blank\">International Support</a></li></ul></body></html>", "edition": 7, "modified": "2018-01-20T01:24:36", "id": "KB4055265", "href": "https://support.microsoft.com/en-us/help/4055265/", "published": "2018-01-20T01:24:36", "title": "Security and Quality Rollup for the .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 and 4.7.1 updates for Windows Server 2012 (KB 4055265)", "type": "mskb", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T22:42:18", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "description": "<html><body>Resolves a security feature bypass vulnerability and a Denial of Service vulnerability in .NET Framework and .NET core components.<h2></h2><div class=\"kb-summary-section section\">\ufeff\ufeff<a bookmark-id=\"appliestoproducts\" data-content-id=\"\" data-content-type=\"\" href=\"#appliestoproducts\" managed-link=\"\" target=\"\">View products that this article applies to.</a>\ufeff\ufeff </div><h2>Important</h2>If you have not been offered this security update, you may be running incompatible antivirus software, and you should contact the software vendor. We are working closely with antivirus software partners to make sure that all customers receive the January Windows security updates as soon as possible. For more information, go to <a href=\"https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software\">https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software</a> and see the \"Additional information about this security update\" section of this article. <h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and .NET Core components do not completely validate certificates. This security update addresses the vulnerability by helping to make sure that .NET Framework and .NET Core components completely validate certificates. To learn more about this vulnerability, see <a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2018-0786\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0786</a>.Additionally, this security update resolves a Denial of Service vulnerability that exists when .NET Framework and .NET core components improperly process XML documents. This update addresses the vulnerability by correcting how .NET Framework and .NET Core component applications handle XML document processing. To learn more about this vulnerability, see <a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2018-0764\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0764</a>.</div><h2></h2>Important<ul><li>All updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 require that the d3dcompiler_47.dll\u00a0be installed. We recommend that you install the included d3dcompiler_47.dll before you apply this update. For more information about the d3dcompiler_47.dll, see <a href=\"https://support.microsoft.com/en-us/help/4019990\">KB 4019990</a>.</li><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/en-us/library/hh825699\" managed-link=\"\" target=\"_blank\">Add language packs to Windows</a>.</li></ul><h2>Additional information about this security update</h2><ul><li>Enhanced Key Usage (EKU) is described in <a href=\"https://tools.ietf.org/html/rfc5280#section-4.2.1.12\">RFC 5280 in section 4.2.1.12</a>. This extension indicates one or more purposes for which the certified public key may be used, in addition to or instead of the basic purposes that are indicated in the key usage extension. For example, a certificate that is used for the authentication of a client to a server must be configured for Client Authentication. Similarly, a certificate that is used for the authentication of a server must be configured for Server Authentication. With this change, besides requiring the appropriate client/server EKU on certificates, if the root certificate is disabled, the certificate chain validation will fail. When certificates are used for authentication, the authenticator examines the certificate that is provided by the remote endpoint and seeks the correct purpose object identifier in Application Policies extensions. When a certificate is used for client authentication, the object identifier for Client Authentication must be present in the EKU extensions of the certificate, or authentication fails. The object identifier for Client Authentication is 1.3.6.1.5.5.7.3.2. Likewise, when a certificate is used for server authentication, the object identifier for Server Authentication must be present in the EKU extensions of the certificate, or authentication fails. The object identifier for Server Authentication is 1.3.6.1.5.5.7.3.1. Certificates that have no EKU extension continue to authenticate correctly. First, consider making changes to your component\u2019s certificates to make sure that they are using the correct EKU OID attributes and are secured correctly. If you temporarily cannot access correctly reissued certificates, you can choose to opt in or out of the security change to avoid any connectivity effects. To do this, specify the following appsetting in the configuration file:<pre><appSettings> <add key=\"wcf:useLegacyCertificateUsagePolicy\" value=\"true\" /></appSettings></pre>Note Setting the value to \u201ctrue\u201d will opt out of the security changes.</li><li>The following articles contain additional information about this security\u00a0update as it relates to individual product versions.<ul class=\"indent-1\"><li><a data-content-id=\"4054176\" data-content-type=\"article\" href=\"\" managed-link=\"\">4054176</a>\u00a0Description of the Security Only update for .NET Framework 3.5.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4054176)</li><li><a data-content-id=\"4054172\" data-content-type=\"article\" href=\"\" managed-link=\"\">4054172</a>\u00a0Description of the Security Only update for .NET Framework 4.5.2 for Windows 7 SP1, Windows Server 2008 R2 SP1, and Windows Server 2008 SP2 (KB 4054172)</li><li><a data-content-id=\"4054183\" data-content-type=\"article\" href=\"\" managed-link=\"\">4054183</a>\u00a0Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and .NET Framework 4.6 for Windows Server 2008 SP2 (KB 4054183)</li></ul></li><li>Windows 10, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 CustomersWe recommend that all customers protect their devices by running\u00a0compatible and supported antivirus software. Customers can take advantage of built-in antivirus protection, Windows Defender Antivirus, for Windows 8.1 and Windows 10 devices or a compatible third-party antivirus application. The antivirus software must set a registry key as described in the \"Setting the Registry Key\" to receive the January 2018 security updates.Windows 7 SP1 and Windows Server 2008 R2 SP1 CustomersIn a default installation of Windows 7 SP1 or Windows Server 2008 R2 SP1, customers will not have an antivirus application installed. <a href=\"https://support.microsoft.com/en-us/help/14210/security-essentials-download\">In these situations, we recommend installing a compatible and supported antivirus application such as Microsoft Security Essentials or a third-party antivirus application. </a>\u00a0The antivirus software must set a registry key as described in the \"Setting the Registry Key\" in order to receive the January 2018 security updates.Customers without antivirus protectionIf customers cannot install or run antivirus software, we recommend manually setting the registry key as described in the \"Setting the Registry Key\" in order to receive the January 2018 security updates.Setting the registry keyCaution Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the \"Changing keys and values\" help topic in Registry Editor or view the \"Add and delete information in the registry\" and \"Edit registry data\" help topics in Regedt32.exe.Note\u00a0Customers will not receive the January 2018 security updates (or any successive security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key:Key=\"HKEY_LOCAL_MACHINE\" Subkey=\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\" Value=\"cadca5fe-87d3-4b96-b7fb-a231484277cc\" Type=\"REG_DWORD\u201d Data=\"0x00000000\u201d</li></ul><h2>How to obtain help and support for this security update</h2><ul><li>Help for installing updates: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"_blank\">Windows Update FAQ</a></li><li>Security solutions for IT professionals: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/security/bb980617.aspx\" managed-link=\"\" target=\"_blank\">TechNet Security Support and Troubleshooting</a></li><li>Help for protecting your Windows-based products and services from viruses and malware: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" managed-link=\"\" target=\"_blank\">Microsoft Secure</a></li><li>Local support according to your country: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com\" managed-link=\"\" target=\"_blank\">International Support</a></li></ul><h2>Applies to</h2><div>\ufeffThis article applies to the following:</div><ul><li>Microsoft .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 and 4.7.1\u00a0when used with:<ul><li>Windows Server 2008 R2 Service Pack 1</li><li>Windows 7 Service Pack 1</li></ul></li></ul><div>\u00a0</div></body></html>", "edition": 3, "modified": "2018-01-20T01:24:34", "id": "KB4055269", "href": "https://support.microsoft.com/en-us/help/4055269/", "published": "2018-01-20T01:24:34", "title": "Security Only update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 updates for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB 4055269)", "type": "mskb", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T22:47:34", "bulletinFamily": "microsoft", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "description": "<html><body>Resolves a security feature bypass vulnerability and a denial of service vulnerability in .NET Framework and .NET core components.<h2>Notice</h2>This update has been released as part of the January 2018 Preview of the Quality Rollups for .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1 for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 (<a data-content-id=\"4057272\" data-content-type=\"article\" href=\"\" managed-link=\"\">KB 4057272</a>).<h2>Important</h2>If you have not been offered this security update, you may be running incompatible antivirus software, and you should contact the software vendor. We are working closely with antivirus software partners to make sure that all customers receive the January Windows security updates as soon as possible. For more information, go to <a data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software\" target=\"\">Important: Windows security updates released January 3, 2018, and antivirus software</a>, and see the \"Additional information about this security update\" section of this article. <h2>Summary</h2><div class=\"kb-summary-section section\">This security update resolves a security feature bypass vulnerability that exists when Microsoft .NET Framework and .NET Core components do not completely validate certificates. This security update addresses the vulnerability by helping to make sure that .NET Framework and .NET Core components completely validate certificates. To learn more about this vulnerability, see <a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2018-0786\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0786</a>.Additionally, this security update resolves a Denial of Service vulnerability that exists when .NET Framework and .NET core components improperly process XML documents. This update addresses the vulnerability by correcting how .NET Framework and .NET Core component applications handle XML document processing. To learn more about this vulnerability, see <a href=\"https://portal.msrc.microsoft.com/security-guidance/advisory/CVE-2018-0764\">Microsoft Common Vulnerabilities and Exposures CVE-2018-0764</a>.</div><h2></h2>Important<ul><li>All updates for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 require that update <a href=\"https://support.microsoft.com/en-us/help/2919355\" target=\"_self\">KB 2919355</a> is installed. We recommend that you install update <a href=\"https://support.microsoft.com/en-us/help/2919355\" target=\"_self\">KB 2919355</a> on your Windows RT 8.1-based, Windows 8.1-based, or Windows Server 2012 R2-based computer so that you receive updates in the future.</li><li>If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/en-us/library/hh825699\" managed-link=\"\" target=\"_blank\">Add language packs to Windows</a>.</li></ul><h2>Additional information about this security update</h2><ul><li>Enhanced Key Usage (EKU) is described in <a href=\"https://tools.ietf.org/html/rfc5280#section-4.2.1.12\">RFC 5280 in section 4.2.1.12</a>. This extension indicates one or more purposes for which the certified\u00a0public key may be used\u00a0in addition to or instead of the basic purposes that are indicated in the key usage extension. For example, a certificate that is used for the authentication of a client to a server must be configured for Client Authentication. Similarly, a certificate that is used for the authentication of a server must be configured for Server Authentication. With this change, besides requiring the appropriate client/server EKU on certificates, if the root certificate is disabled, the certificate chain validation will fail. When certificates are used for authentication, the authenticator examines the certificate that is provided by the remote endpoint and seeks the correct purpose object identifier in Application Policies extensions. When a certificate is used for client authentication, the object identifier for Client Authentication must be present in the EKU extensions of the certificate, or authentication fails. The object identifier for Client Authentication is 1.3.6.1.5.5.7.3.2.\u00a0Likewise, when a certificate is used for server authentication, the object identifier for Server Authentication must be present in the EKU extensions of the certificate, or authentication fails. The object identifier for Server Authentication is 1.3.6.1.5.5.7.3.1. Certificates that have no EKU extension continue to authenticate correctly. First, consider making changes to your component\u2019s certificates to make sure that they are using the correct EKU OID attributes and are secured correctly. If you temporarily cannot access correctly reissued certificates, you can choose to opt in or out of the security change to avoid any connectivity effects. To do this, specify the following appsetting in the configuration file:<pre><appSettings> <add key=\"wcf:useLegacyCertificateUsagePolicy\" value=\"true\" /></appSettings></pre>Note Setting the value to \u201ctrue\u201d will opt out of the security changes.</li><li>The following articles contain additional information about this security update as it relates to individual product versions. The articles may contain known issue information.<ul class=\"indent-1\"><li><a data-content-id=\"4055001\" data-content-type=\"article\" href=\"\" managed-link=\"\">4055001</a>\u00a0Description of the Security and Quality Rollup for the .NET Framework 4.6, 4.6.1, 4.6.2, 4.7,\u00a0and 4.7.1 for Windows 8.1,\u00a0RT 8.1, and Server 2012 R2 (KB 4055001)</li><li><a data-content-id=\"4054993\" data-content-type=\"article\" href=\"\" managed-link=\"\">4054993</a>\u00a0Description of the Security and Quality Rollup for the .NET Framework 4.5.2 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4054993)</li><li><a data-content-id=\"4054999\" data-content-type=\"article\" href=\"\" managed-link=\"\">4054999</a>\u00a0Description of the Security and Quality Rollup for the .NET Framework 3.5 SP1 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4054999)</li></ul></li><li>Windows 10, Windows 8.1, Windows Server 2012 R2, and Windows Server 2016 customersWe recommend that all customers protect their devices by running\u00a0compatible and supported antivirus software. Customers can take advantage of built-in antivirus protection, Windows Defender Antivirus, for Windows 8.1 and Windows 10 devices or a compatible third-party antivirus application. The antivirus software must set a registry key as described in the \"Setting the registry key,\" below, for you to receive the January 2018 security updates.</li><li>Windows 7 SP1 and Windows Server 2008 R2 SP1 customersA default installation of Windows 7 SP1 or Windows Server 2008 R2 SP1 will not have an antivirus application installed. <a href=\"https://support.microsoft.com/en-us/help/14210/security-essentials-download\">In these situations, we recommend installing a compatible and supported antivirus application such as Microsoft Security Essentials or a third-party antivirus application. </a>The antivirus software must set a registry key as described in the \"Setting the registry key,\" below, for you to receive the January 2018 security updates.</li><li>Customers without antivirusIf you cannot install or run antivirus software, we recommend manually setting the registry key as described in \"Setting the registry key,\" below, to receive the January 2018 security updates.</li><li>Setting the registry keyCaution Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. For information about how to edit the registry, view the \"Changing keys and values\" help topic in Registry Editor or view the \"Add and delete information in the registry\" and \"Edit registry data\" help topics in Regedt32.exe.Note\u00a0You will not receive the January 2018 security updates (or any successive security updates) and will not be protected from security vulnerabilities unless your antivirus software\u00a0sets the following registry key:Key=\"HKEY_LOCAL_MACHINE\" Subkey=\"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\QualityCompat\" Value=\"cadca5fe-87d3-4b96-b7fb-a231484277cc\" Type=\"REG_DWORD\u201d Data=\"0x00000000\u201d</li></ul><h2>How to obtain help and support for this security update</h2><ul><li>Help for installing updates: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/en-us/help/12373/windows-update-faq\" managed-link=\"\" target=\"_blank\">Windows Update FAQ</a></li><li>Security solutions for IT professionals: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://technet.microsoft.com/security/bb980617.aspx\" managed-link=\"\" target=\"_blank\">TechNet Security Support and Troubleshooting</a></li><li>Help for protecting your Windows-based products and services from viruses and malware: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"https://support.microsoft.com/contactus/cu_sc_virsec_master\" managed-link=\"\" target=\"_blank\">Microsoft Secure</a></li><li>Local support according to your country: <a bookmark-id=\"\" data-content-id=\"\" data-content-type=\"\" href=\"http://support.microsoft.com\" managed-link=\"\" target=\"_blank\">International Support</a></li></ul></body></html>", "edition": 7, "modified": "2018-01-20T01:24:36", "id": "KB4055266", "href": "https://support.microsoft.com/en-us/help/4055266/", "published": "2018-01-20T01:24:36", "title": "Security and Quality Rollup for the .NET Framework 3.5 SP1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7 and 4.7.1 updates for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4055266)", "type": "mskb", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-01T05:45:04", "description": "The remote Windows host has an installation of .NET Core\nwith a version less than 2.0.5. Therefore, the host is affected\nby multiple vulnerabilities :\n\n - A security feature bypass in X509 Certificate Validation\n allows an attacker to present a certificate that is\n marked as invalid for a specific use, but a component\n uses it for that purpose. (CVE-2018-0786)\n\n - A denial of service vulnerability exists due to improper\n processing of XML documents. An attacker who\n successfully exploited this vulnerability could cause\n a denial of service against a .NET application. A\n remote unauthenticated attacker could exploit this\n vulnerability by issuing specially crafted requests\n to a .NET Core application. (CVE-2018-0764)", "edition": 28, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2018-01-10T00:00:00", "title": "Security Update for .NET Core (January 2018)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:microsoft:.net_core"], "id": "SMB_NT_MS18_JAN_DOTNET_CORE.NASL", "href": "https://www.tenable.com/plugins/nessus/105730", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105730);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-0764\", \"CVE-2018-0786\");\n\n script_name(english:\"Security Update for .NET Core (January 2018)\");\n script_summary(english:\"Checks for Windows Install of .NET Core.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by a .NET Core runtime\nvulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host has an installation of .NET Core\nwith a version less than 2.0.5. Therefore, the host is affected\nby multiple vulnerabilities :\n\n - A security feature bypass in X509 Certificate Validation\n allows an attacker to present a certificate that is\n marked as invalid for a specific use, but a component\n uses it for that purpose. (CVE-2018-0786)\n\n - A denial of service vulnerability exists due to improper\n processing of XML documents. An attacker who\n successfully exploited this vulnerability could cause\n a denial of service against a .NET application. A\n remote unauthenticated attacker could exploit this\n vulnerability by issuing specially crafted requests\n to a .NET Core application. (CVE-2018-0764)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/dotnet/announcements/issues/51\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/dotnet/announcements/issues/52\");\n # https://blogs.msdn.microsoft.com/dotnet/2018/01/09/net-core-january-2018-update/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ebdb4bc7\");\n # https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.9.md\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6ee5ffe3\");\n # https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.6.md\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e1e826f0\");\n # https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.5.md\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9a103486\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3759d74b\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf7d5ce3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update to .NET Core Runtime version 1.09 / 1.1.6 / 2.0.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0786\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:.net_core\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_dotnet_core_win.nbin\");\n script_require_keys(\"installed_sw/.NET Core Windows\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"audit.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_func.inc\");\n\nappname = '.NET Core Windows';\nport = kb_smb_transport();\n\ninstalls = get_installs(app_name:appname, exit_if_not_found:TRUE);\n\nreport = '';\n\nforeach install (installs[1])\n{\n version = install['version'];\n path = install['path'];\n\n fix = '';\n # Affected: 1.0.x < 1.0.9 / 1.1.x < 1.1.6 / 2.0.x < 2.0.5\n if (version =~ '^2\\\\.0\\\\.') fix = '2.0.5.26021';\n else if (version =~ '^1\\\\.1\\\\.') fix = '1.1.6.1663';\n else if (version =~ '^1\\\\.0\\\\.') fix = '1.0.9.5018';\n\n if (fix != '' && ver_compare(ver:version, fix:fix) < 0)\n {\n report +=\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n }\n}\n\nif (report != '')\n{\n security_report_v4(port:port, severity:SECURITY_WARNING, extra:report);\n exit(0);\n}\n\naudit(AUDIT_INST_VER_NOT_VULN, appname);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T05:44:51", "description": "The .NET Framework installation on the remote host is missing a\nsecurity update. It is, therefore, affected by the following\nvulnerabilities:\n\n - A Denial of Service vulnerability exists when .NET, and\n .NET core, improperly process XML documents. An attacker\n who successfully exploited this vulnerability could\n cause a denial of service against a .NET application. A\n remote unauthenticated attacker could exploit this\n vulnerability by issuing specially crafted requests to a\n .NET(or .NET core) application. (CVE-2018-0764)\n\n - A security feature bypass vulnerability exists when\n Microsoft .NET Framework (and .NET Core) components do\n not completely validate certificates. An attacker could\n present a certificate that is marked invalid for a\n specific use, but the component uses it for that\n purpose. This action disregards the Enhanced Key Usage\n taggings. (CVE-2018-0786)", "edition": 31, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2018-01-10T00:00:00", "title": "Security and Quality Rollup for .NET Framework (January 2018)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:microsoft:.net_framework"], "id": "SMB_NT_MS18_JAN_4055266.NASL", "href": "https://www.tenable.com/plugins/nessus/105731", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105731);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-0764\", \"CVE-2018-0786\");\n script_bugtraq_id(102380, 102387);\n script_xref(name:\"MSKB\", value:\"4054170\");\n script_xref(name:\"MSKB\", value:\"4054171\");\n script_xref(name:\"MSKB\", value:\"4054172\");\n script_xref(name:\"MSKB\", value:\"4054174\");\n script_xref(name:\"MSKB\", value:\"4054175\");\n script_xref(name:\"MSKB\", value:\"4054176\");\n script_xref(name:\"MSKB\", value:\"4054177\");\n script_xref(name:\"MSKB\", value:\"4054181\");\n script_xref(name:\"MSKB\", value:\"4054182\");\n script_xref(name:\"MSKB\", value:\"4054183\");\n script_xref(name:\"MSKB\", value:\"4054993\");\n script_xref(name:\"MSKB\", value:\"4054994\");\n script_xref(name:\"MSKB\", value:\"4054995\");\n script_xref(name:\"MSKB\", value:\"4054996\");\n script_xref(name:\"MSKB\", value:\"4054997\");\n script_xref(name:\"MSKB\", value:\"4054998\");\n script_xref(name:\"MSKB\", value:\"4054999\");\n script_xref(name:\"MSKB\", value:\"4055000\");\n script_xref(name:\"MSKB\", value:\"4055001\");\n script_xref(name:\"MSKB\", value:\"4055002\");\n script_xref(name:\"MSKB\", value:\"4055266\");\n script_xref(name:\"MSFT\", value:\"MS18-4054170\");\n script_xref(name:\"MSFT\", value:\"MS18-4054171\");\n script_xref(name:\"MSFT\", value:\"MS18-4054172\");\n script_xref(name:\"MSFT\", value:\"MS18-4054174\");\n script_xref(name:\"MSFT\", value:\"MS18-4054175\");\n script_xref(name:\"MSFT\", value:\"MS18-4054176\");\n script_xref(name:\"MSFT\", value:\"MS18-4054177\");\n script_xref(name:\"MSFT\", value:\"MS18-4054181\");\n script_xref(name:\"MSFT\", value:\"MS18-4054182\");\n script_xref(name:\"MSFT\", value:\"MS18-4054183\");\n script_xref(name:\"MSFT\", value:\"MS18-4054993\");\n script_xref(name:\"MSFT\", value:\"MS18-4054994\");\n script_xref(name:\"MSFT\", value:\"MS18-4054995\");\n script_xref(name:\"MSFT\", value:\"MS18-4054996\");\n script_xref(name:\"MSFT\", value:\"MS18-4054997\");\n script_xref(name:\"MSFT\", value:\"MS18-4054998\");\n script_xref(name:\"MSFT\", value:\"MS18-4054999\");\n script_xref(name:\"MSFT\", value:\"MS18-4055000\");\n script_xref(name:\"MSFT\", value:\"MS18-4055001\");\n script_xref(name:\"MSFT\", value:\"MS18-4055002\");\n script_xref(name:\"MSFT\", value:\"MS18-4055266\");\n\n script_name(english:\"Security and Quality Rollup for .NET Framework (January 2018)\");\n script_summary(english:\"Checks the file versions.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has a software framework installed that is\naffected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The .NET Framework installation on the remote host is missing a\nsecurity update. It is, therefore, affected by the following\nvulnerabilities:\n\n - A Denial of Service vulnerability exists when .NET, and\n .NET core, improperly process XML documents. An attacker\n who successfully exploited this vulnerability could\n cause a denial of service against a .NET application. A\n remote unauthenticated attacker could exploit this\n vulnerability by issuing specially crafted requests to a\n .NET(or .NET core) application. (CVE-2018-0764)\n\n - A security feature bypass vulnerability exists when\n Microsoft .NET Framework (and .NET Core) components do\n not completely validate certificates. An attacker could\n present a certificate that is marked invalid for a\n specific use, but the component uses it for that\n purpose. This action disregards the Enhanced Key Usage\n taggings. (CVE-2018-0786)\");\n # https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/858123b8-25ca-e711-a957-000d3a33cf99\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cb615d29\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf7d5ce3\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3759d74b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Microsoft .NET Framework\n2.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, and 4.7.1\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0786\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:.net_framework\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_dotnet_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"microsoft_net_framework_installed.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = \"MS18-01\";\nkbs = make_list(\n '4054170',\n '4054171',\n '4054172',\n '4054174',\n '4054175',\n '4054176',\n '4054177',\n '4054181',\n '4054182',\n '4054183',\n '4054993',\n '4054994',\n '4054995',\n '4054996',\n '4054997',\n '4054998',\n '4054999',\n '4055000',\n '4055001',\n '4055002',\n '4055266'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_WARNING);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2', win7:'1', win8:'0', win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"Windows 8.1\" >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\nelse if (\"Vista\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\nelse if (\"Windows 10\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\nelse if (\"Server 2016\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\napp = 'Microsoft .NET Framework';\nget_install_count(app_name:app, exit_if_zero:TRUE);\ninstalls = get_combined_installs(app_name:app);\n\nvuln = 0;\n\nif (installs[0] == 0)\n{\n foreach install (installs[1])\n {\n version = install['version'];\n if( version != UNKNOWN_VER &&\n smb_check_dotnet_rollup(rollup_date:\"01_2018\", dotnet_ver:version))\n vuln++;\n }\n}\nif(vuln)\n{\n hotfix_security_warning();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, \"affected\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T03:40:17", "description": "The Microsoft .NET Core runtime installed on the remote macOS\nor Mac OS X host is missing a security update. It is, therefore,\naffected by multiple vulnerabilities :\n\n - A security feature bypass in X509 Certificate Validation\n allows an attacker to present a certificate that is\n marked as invalid for a specific use, but a component\n uses it for that purpose. (CVE-2018-0786)\n\n - A denial of service vulnerability exists due to improper\n processing of XML documents. An attacker who\n successfully exploited this vulnerability could cause\n a denial of service against a .NET application. A\n remote unauthenticated attacker could exploit this\n vulnerability by issuing specially crafted requests\n to a .NET Core application. (CVE-2018-0764)", "edition": 27, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2018-01-10T00:00:00", "title": "Security Update for .NET Core (January 2018) (macOS)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0786", "CVE-2018-0764"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:microsoft:.net_core"], "id": "MACOSX_MS18_JAN_DOTNET_CORE.NASL", "href": "https://www.tenable.com/plugins/nessus/105729", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(105729);\n script_version(\"1.6\");\n script_cvs_date(\"Date: 2019/11/08\");\n\n script_cve_id(\"CVE-2018-0764\", \"CVE-2018-0786\");\n\n script_name(english:\"Security Update for .NET Core (January 2018) (macOS)\");\n script_summary(english:\"Checks the version of the .NET Core runtime.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"An application installed on the remote macOS or Mac OS X host is\naffected by a denial of service vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft .NET Core runtime installed on the remote macOS\nor Mac OS X host is missing a security update. It is, therefore,\naffected by multiple vulnerabilities :\n\n - A security feature bypass in X509 Certificate Validation\n allows an attacker to present a certificate that is\n marked as invalid for a specific use, but a component\n uses it for that purpose. (CVE-2018-0786)\n\n - A denial of service vulnerability exists due to improper\n processing of XML documents. An attacker who\n successfully exploited this vulnerability could cause\n a denial of service against a .NET application. A\n remote unauthenticated attacker could exploit this\n vulnerability by issuing specially crafted requests\n to a .NET Core application. (CVE-2018-0764)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/dotnet/announcements/issues/51\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/dotnet/announcements/issues/52\");\n # https://blogs.msdn.microsoft.com/dotnet/2018/01/09/net-core-january-2018-update/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ebdb4bc7\");\n # https://github.com/dotnet/core/blob/master/release-notes/1.0/1.0.9.md\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6ee5ffe3\");\n # https://github.com/dotnet/core/blob/master/release-notes/1.1/1.1.6.md\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e1e826f0\");\n # https://github.com/dotnet/core/blob/master/release-notes/2.0/2.0.5.md\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9a103486\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3759d74b\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf7d5ce3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to .NET Core Runtime version 1.0.9 / 1.1.6 / 2.0.5 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-0786\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/01/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:.net_core\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"macosx_dotnet_core_installed.nbin\");\n script_require_keys(\"installed_sw/.NET Core MacOS\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"install_func.inc\");\n\napp = \".NET Core MacOS\";\n\nget_install_count(app_name:app, exit_if_zero:TRUE);\n\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\nfix_ver = \"2.0.5\";\nversion = install['version'];\n\nif (ver_compare(ver: version, fix: fix_ver) < 0)\n{\n report =\n '\\n Path : ' + install['path'] +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix_ver +\n '\\n';\n\n security_report_v4(port:0, severity:SECURITY_WARNING, extra:report);\n exit(0);\n}\n\naudit(AUDIT_INST_VER_NOT_VULN, app, version);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-01-01T05:10:33", "description": "An update for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and\nrh-dotnetcore11-dotnetcore is now available for .NET Core on Red Hat\nEnterprise Linux.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n.NET Core is a managed software framework. It implements a subset of\nthe .NET framework APIs and includes a CLR implementation.\n\nNew versions of .NET Core that address several security\nvulnerabilities are now available. The updated versions are .NET Core\n1.0.9, 1.1.6, and 2.0.5.\n\nSecurity Fix(es) :\n\n* .NET Core: Improper processing of XML documents can cause a denial\nof service (CVE-2018-0764)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.", "edition": 24, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2018-03-02T00:00:00", "title": "RHEL 7 : .NET Core on Red Hat Enterprise Linux (RHSA-2018:0379)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-0764"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rh-dotnet20-dotnet-debuginfo", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet20-dotnet-runtime-2.0", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet20-dotnet-sdk-2.1", "p-cpe:/a:redhat:enterprise_linux:rh-dotnetcore10-dotnetcore", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:rh-dotnetcore10-dotnetcore-debuginfo", "p-cpe:/a:redhat:enterprise_linux:rh-dotnetcore11-dotnetcore-debuginfo", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet20-dotnet-host", "p-cpe:/a:redhat:enterprise_linux:rh-dotnet20-dotnet", "p-cpe:/a:redhat:enterprise_linux:rh-dotnetcore11-dotnetcore"], "id": "REDHAT-RHSA-2018-0379.NASL", "href": "https://www.tenable.com/plugins/nessus/107114", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2018:0379. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(107114);\n script_version(\"3.7\");\n script_cvs_date(\"Date: 2019/10/24 15:35:44\");\n\n script_cve_id(\"CVE-2018-0764\");\n script_xref(name:\"RHSA\", value:\"2018:0379\");\n\n script_name(english:\"RHEL 7 : .NET Core on Red Hat Enterprise Linux (RHSA-2018:0379)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"An update for rh-dotnet20-dotnet, rh-dotnetcore10-dotnetcore, and\nrh-dotnetcore11-dotnetcore is now available for .NET Core on Red Hat\nEnterprise Linux.\n\nRed Hat Product Security has rated this update as having a security\nimpact of Moderate. A Common Vulnerability Scoring System (CVSS) base\nscore, which gives a detailed severity rating, is available for each\nvulnerability from the CVE link(s) in the References section.\n\n.NET Core is a managed software framework. It implements a subset of\nthe .NET framework APIs and includes a CLR implementation.\n\nNew versions of .NET Core that address several security\nvulnerabilities are now available. The updated versions are .NET Core\n1.0.9, 1.1.6, and 2.0.5.\n\nSecurity Fix(es) :\n\n* .NET Core: Improper processing of XML documents can cause a denial\nof service (CVE-2018-0764)\n\nFor more details about the security issue(s), including the impact, a\nCVSS score, and other related information, refer to the CVE page(s)\nlisted in the References section.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/dotnet/announcements/issues/52\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2018:0379\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2018-0764\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet20-dotnet\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet20-dotnet-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet20-dotnet-host\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet20-dotnet-runtime-2.0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnet20-dotnet-sdk-2.1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnetcore10-dotnetcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnetcore10-dotnetcore-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnetcore11-dotnetcore\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rh-dotnetcore11-dotnetcore-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/01/10\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/03/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 7.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2018:0379\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rh-dotnet20-dotnet-2.0.5-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rh-dotnet20-dotnet-debuginfo-2.0.5-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rh-dotnet20-dotnet-host-2.0.5-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rh-dotnet20-dotnet-runtime-2.0-2.0.5-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rh-dotnet20-dotnet-sdk-2.1-2.1.4-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rh-dotnetcore10-dotnetcore-1.0.9-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rh-dotnetcore10-dotnetcore-debuginfo-1.0.9-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rh-dotnetcore11-dotnetcore-1.1.6-1.el7\")) flag++;\n if (rpm_check(release:\"RHEL7\", cpu:\"x86_64\", reference:\"rh-dotnetcore11-dotnetcore-debuginfo-1.1.6-1.el7\")) flag++;\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rh-dotnet20-dotnet / rh-dotnet20-dotnet-debuginfo / etc\");\n }\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "kaspersky": [{"lastseen": "2020-09-02T11:45:13", "bulletinFamily": "info", "cvelist": ["CVE-2018-0784", "CVE-2018-0785", "CVE-2018-0786", "CVE-2018-0764"], "description": "### *Detect date*:\n01/09/2018\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple serious vulnerabilities have been found in Microsoft .NET Core, ASP.NET Core, Microsoft Excel and Microsoft Office Compatibility Pack. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information, bypass security restrictions and gain privileges.\n\n### *Affected products*:\nMicrosoft .NET Framework 4.7.1\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2018-0784](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0784>) \n[CVE-2018-0785](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0785>) \n[CVE-2018-0786](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786>) \n[CVE-2018-0764](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0764>) \n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft .NET Framework](<https://threats.kaspersky.com/en/product/Microsoft-.NET-Framework/>)\n\n### *CVE-IDS*:\n[CVE-2018-0784](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0784>)0.0Unknown \n[CVE-2018-0785](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0785>)0.0Unknown \n[CVE-2018-0786](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0786>)0.0Unknown \n[CVE-2018-0764](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0764>)0.0Unknown\n\n### *Microsoft official advisories*:\n\n\n### *KB list*:\n[4056888](<http://support.microsoft.com/kb/4056888>) \n[4056890](<http://support.microsoft.com/kb/4056890>) \n[4056893](<http://support.microsoft.com/kb/4056893>) \n[4056891](<http://support.microsoft.com/kb/4056891>) \n[4056892](<http://support.microsoft.com/kb/4056892>) \n[4054176](<http://support.microsoft.com/kb/4054176>) \n[4054177](<http://support.microsoft.com/kb/4054177>) \n[4054174](<http://support.microsoft.com/kb/4054174>) \n[4054175](<http://support.microsoft.com/kb/4054175>) \n[4054172](<http://support.microsoft.com/kb/4054172>) \n[4054995](<http://support.microsoft.com/kb/4054995>) \n[4054170](<http://support.microsoft.com/kb/4054170>) \n[4054171](<http://support.microsoft.com/kb/4054171>) \n[4054998](<http://support.microsoft.com/kb/4054998>) \n[4054999](<http://support.microsoft.com/kb/4054999>) \n[4054181](<http://support.microsoft.com/kb/4054181>) \n[4054997](<http://support.microsoft.com/kb/4054997>) \n[4054996](<http://support.microsoft.com/kb/4054996>) \n[4054993](<http://support.microsoft.com/kb/4054993>) \n[4055001](<http://support.microsoft.com/kb/4055001>) \n[4055000](<http://support.microsoft.com/kb/4055000>) \n[4055002](<http://support.microsoft.com/kb/4055002>) \n[4054994](<http://support.microsoft.com/kb/4054994>) \n[4054182](<http://support.microsoft.com/kb/4054182>) \n[4054183](<http://support.microsoft.com/kb/4054183>) \n[4074880](<http://support.microsoft.com/kb/4074880>)", "edition": 39, "modified": "2020-05-22T00:00:00", "published": "2018-01-09T00:00:00", "id": "KLA11172", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11172", "title": "\r KLA11172Multiple vulnerabilities in Microsoft Development Tools ", "type": "kaspersky", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "github": [{"lastseen": "2020-12-24T13:32:58", "bulletinFamily": "software", "cvelist": ["CVE-2018-0786"], "description": "Microsoft .NET Framework 2.0 SP2, 3.0 SP2, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, .NET Core 1.0 and 2.0, and PowerShell Core 6.0.0 allow a security feature bypass vulnerability due to the way certificates are validated, aka \".NET Security Feature Bypass Vulnerability.\"", "edition": 3, "modified": "2019-07-03T21:02:04", "published": "2018-10-16T19:59:05", "id": "GHSA-JC8G-XHW5-6X46", "href": "https://github.com/advisories/GHSA-jc8g-xhw5-6x46", "title": "Moderate severity vulnerability that affects Microsoft.NETCore.UniversalWindowsPlatform and Microsoft.NETCore.UniversalWindowsPlatform ", "type": "github", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-12-24T13:32:59", "bulletinFamily": "software", "cvelist": ["CVE-2018-0764"], "description": "Microsoft .NET Framework 1.1, 2.0, 3.0, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 5.7 and .NET Core 1.0. 1.1 and 2.0 allow a denial of service vulnerability due to the way XML documents are processed, aka \".NET and .NET Core Denial Of Service Vulnerability\". This CVE is unique from CVE-2018-0765.", "edition": 3, "modified": "2019-07-03T21:02:03", "published": "2018-10-16T17:34:00", "id": "GHSA-RR3C-F55V-QHV5", "href": "https://github.com/advisories/GHSA-rr3c-f55v-qhv5", "title": "Moderate severity vulnerability that affects System.Security.Cryptography.Xml", "type": "github", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "redhat": [{"lastseen": "2019-08-13T18:44:52", "bulletinFamily": "unix", "cvelist": ["CVE-2018-0764"], "description": ".NET Core is a managed software framework. It implements a subset of the .NET framework APIs and includes a CLR implementation.\n\nNew versions of .NET Core that address several security vulnerabilities are now available. The updated versions are .NET Core 1.0.9, 1.1.6, and 2.0.5.\n\nSecurity Fix(es):\n\n* .NET Core: Improper processing of XML documents can cause a denial of service (CVE-2018-0764)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2018-03-19T16:30:32", "published": "2018-03-01T10:56:46", "id": "RHSA-2018:0379", "href": "https://access.redhat.com/errata/RHSA-2018:0379", "type": "redhat", "title": "(RHSA-2018:0379) Moderate: .NET Core on Red Hat Enterprise Linux security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "threatpost": [{"lastseen": "2019-03-14T05:46:56", "bulletinFamily": "info", "cvelist": ["CVE-2018-0786", "CVE-2018-0802", "CVE-2018-0819", "CVE-2019-0797"], "description": "Thanks to Meltdown and Spectre, January has already been an extremely busy month of patching for Microsoft. Today Microsoft tackled dozens more bugs, part of its regular Patch Tuesday release covering Microsoft Edge, Windows, Office, ASP.NET and the macOS version of Office.\n\nSixteen of Microsoft\u2019s updates tackled critical vulnerabilities, 38 are rated important and one low. A total of 20, could potentially lead to remote code execution.\n\n\u201cMicrosoft started Patch Tuesday a little early this month by releasing the operating system updates last week,\u201d said Chris Goettl, product manager at Ivanti, in his commentary on Patch Tuesday.\n\nHe said, last week Microsoft [released out-of-band updates](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV180002>) resolving three unique CVEs for Meltdown and Spectre, both speculative execution side-channel attacks.\n\n\u201cThese additions brings Microsoft\u2019s January patch updates to a total of about 55 vulnerabilities (CVEs). This includes four CVEs that have been publicly disclosed and one CVE detected in exploits in the wild,\u201d Goettl said.\n\nJimmy Graham, director of product management at Qualys, points out that this month is unique in that Microsoft has halted the deployment of patches for some AMD systems and other updates are incompatible with [third-party antivirus software](<https://threatpost.com/anti-virus-updates-required-ahead-of-microsofts-meltdown-spectre-patches/129371/>).\n\n\u201cCustomers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key,\u201d Microsoft said in [a Jan. 3 security bulletin](<https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software>).\n\nGraham also cautions that OS-level and BIOS (microcode) patches that are designed to mitigate Meltdown and Spectre may lead to CPU performance issues.\n\nListed as under active attack is ([**CVE-2018-0802**](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802>)) a Microsoft Office memory corruption vulnerability that allows remote code execution in Office when the software fails to properly handle objects in memory, according Microsoft. Targets convinced to open a specially crafted Office document could allow an adversary to take control of the affected system.\n\nMicrosoft also patched a vulnerability (CVE-2018-0786) in .NET Framework (and .NET Core) that prevents the components from completely validating a certificate. \u201cAn attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose. This action disregards the Enhanced Key Usage taggings,\u201d [describes Microsoft](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0786>).\n\n\u201cThis is definitely the sort of bug malware authors seek, as it could allow their invalid certificates to appear valid,\u201d according Zero Day Initiative\u2019s Patch Tuesday analysis.\n\nOne of the CVEs ([CVE-2018-0819](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0819>)) tackled by Microsoft this month is a spoofing vulnerability in Microsoft Office for MAC, listed as publicly known at the time of release. The flaw does not allow some versions Microsoft Office or Mac to handle the encoding and display of email addresses properly. \u201cThis improper handling and display may cause antivirus or antispam scanning to not work as intended,\u201d Microsoft describes.\n\nOn Monday, [Apple released](<https://threatpost.com/apple-releases-spectre-patches-for-safari-macos-and-ios/129365/>) iOS 11.2.2 software for iPhones, iPads and iPod touch models that patch for the Spectre vulnerabilities. A macOS High Sierra 10.13.2 supplemental update was also released to bolster Spectre defenses in Apple\u2019s Safari browser and WebKit, the web browser engine used by Safari, Mail, and App Store.\n", "modified": "2018-01-09T16:25:06", "published": "2018-01-09T16:25:06", "id": "THREATPOST:63188D8C89FE469962D4F460E46755BC", "href": "https://threatpost.com/microsoft-january-patch-tuesday-update-fixes-16-critical-bugs/129378/", "type": "threatpost", "title": "Microsoft January Patch Tuesday Update Fixes 16 Critical Bugs", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "thn": [{"lastseen": "2018-01-27T09:17:17", "bulletinFamily": "info", "cvelist": ["CVE-2017-11882", "CVE-2018-0802", "CVE-2018-0819", "CVE-2018-4871", "CVE-2018-0786"], "description": "[![Microsoft Issues Security Patches Critical Vulnerabilities](https://2.bp.blogspot.com/-beOJSQDFs8E/WlWzGhDEy1I/AAAAAAAAvao/HtLyZwdkdO0s6swi2W8MGUFOiL97VBjtACLcBGAs/s1600/microsoft-windows-update.png)](<https://2.bp.blogspot.com/-beOJSQDFs8E/WlWzGhDEy1I/AAAAAAAAvao/HtLyZwdkdO0s6swi2W8MGUFOiL97VBjtACLcBGAs/s1600/microsoft-windows-update.png>)\n\nIf you think that only CPU updates that address this year's major security flaws\u2014[Meltdown and Spectre](<https://thehackernews.com/2018/01/meltdown-spectre-patches.html>)\u2014are the only ones you are advised to grab immediately, there are a handful of major security flaws that you should pay attention to. \n \nMicrosoft has issued its first Patch Tuesday for 2018 to address 56 CVE-listed flaws, including a zero-day vulnerability in MS Office related that had been actively exploited by several threat groups in the wild. \n \nSixteen of the security updates are listed as critical, 38 are rated important, one is rated moderate, and one is rated as low in severity. The updates address security flaws in Windows, Office, Internet Explorer, Edge, ChakraCore, ASP.NET, and the .NET Framework. \n \nThe zero-day vulnerability ([CVE-2018-0802](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-0802>)), described by Microsoft as a memory corruption flaw in Office, is already being targeted in the wild by several threat actor groups in the past few months. \n \nThe vulnerability, discovered by several researchers from Chinese companies Tencent and Qihoo 360, ACROS Security's 0Patch Team, and Check Point Software Technologies, can be exploited for remote code execution by tricking a targeted user into opening a specially crafted malicious Word file in MS Office or WordPad. \n \nAccording to the company, this security flaw is related to CVE-2017-11882\u2014a 17-year-old [vulnerability in the Equation Editor](<https://thehackernews.com/2017/11/microsoft-office-rce-exploit.html>) functionality (EQNEDT32.EXE), which Microsoft addressed in November. \n \nWhen researchers at 0Patch were analysing CVE-2017-11882, they discovered a new, related vulnerability (CVE-2018-0802). More details of CVE-2018-0802 can be found in a [blog post](<https://research.checkpoint.com/another-office-equation-rce-vulnerability/>) published by Check Point. \n \nBesides CVE-2018-0802, the company has addressed nine more remote code execution and memory disclosure vulnerabilities in MS Office. \n \nA spoofing vulnerability (CVE-2018-0819) in Microsoft Outlook for MAC, which has been listed as publicly disclosed ([Mailsploit attack](<https://thehackernews.com/2017/12/email-spoofing-client.html>)), has also addressed by the company. The vulnerability does not allow some versions Outlook for Mac to handle the encoding and display of email addresses properly, causing antivirus or anti-spam scanning not to work as intended. \n \nMicrosoft also addressed a certificate validation bypass vulnerability (CVE-2018-0786) in .NET Framework (and .NET Core) that could allow malware authors to show their invalid certificates as valid. \n \n\"An attacker could present a certificate that is marked invalid for a specific use, but the component uses it for that purpose,\" describes Microsoft. \"This action disregards the Enhanced Key Usage taggings.\" \n \nThe company has also patched a total of 15 vulnerabilities in the scripting engine used by Microsoft Edge and Internet Explorer. \n \nAll these flaws could be exploited for remote code execution by tricking a targeted user into opening a specially-crafted webpage that triggers a memory corruption error, though none of these has been exploited in the wild yet. \n \nMeanwhile, Adobe has [patched](<https://helpx.adobe.com/security/products/flash-player/apsb18-01.html>) a single, out of bounds read flaw (CVE-2018-4871) this month that could allow for information disclosure, though no active exploits have been seen in the wild. \n \nUsers are strongly advised to apply security patches as soon as possible to keep hackers and cybercriminals away from taking control of their computers. \n \nFor installing security updates, simply head on to Settings \u2192 Update & security \u2192 Windows Update \u2192 Check for updates, or you can install the updates manually.\n", "modified": "2018-01-11T07:11:17", "published": "2018-01-09T19:35:00", "id": "THN:ED087560040A02BCB1F68DE406A7F577", "href": "https://thehackernews.com/2018/01/microsoft-security-patch.html", "type": "thn", "title": "Microsoft Releases Patches for 16 Critical Flaws, Including a Zero-Day", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "talosblog": [{"lastseen": "2018-01-29T19:59:50", "bulletinFamily": "blog", "cvelist": ["CVE-2018-0741", "CVE-2018-0743", "CVE-2018-0744", "CVE-2018-0745", "CVE-2018-0746", "CVE-2018-0747", "CVE-2018-0748", "CVE-2018-0749", "CVE-2018-0750", "CVE-2018-0751", "CVE-2018-0752", "CVE-2018-0753", "CVE-2018-0754", "CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0764", "CVE-2018-0766", "CVE-2018-0767", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0780", "CVE-2018-0781", "CVE-2018-0784", "CVE-2018-0785", "CVE-2018-0786", "CVE-2018-0788", "CVE-2018-0789", "CVE-2018-0790", "CVE-2018-0791", "CVE-2018-0792", "CVE-2018-0793", "CVE-2018-0794", "CVE-2018-0795", "CVE-2018-0796", "CVE-2018-0797", "CVE-2018-0798", "CVE-2018-0799", "CVE-2018-0800", "CVE-2018-0801", "CVE-2018-0802", "CVE-2018-0803", "CVE-2018-0805", "CVE-2018-0806", "CVE-2018-0807", "CVE-2018-0812", "CVE-2018-0818", "CVE-2018-0819"], "description": "Today Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month's advisory release addresses 56 new vulnerabilities with 16 of them rated critical, 39 of them rated important and 1 of them rated Moderate. These vulnerabilities impact ASP.NET, Edge, Internet Explorer, Office, Windows, and more. \n \nIn addition to the 56 vulnerabilities addressed, Microsoft has also released an update that addresses Meltdown and Spectre. Mitigations for these two vulnerabilities were published for Windows in [ADV180002](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002>). Note that due to incompatibilities with anti-virus products, users and organizations may not have received this update yet. For more information, users should refer to Microsoft's knowledge base [article](<https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software>) which covers this issue. \n \n \n\n\n## Vulnerabilities Rated Critical\n\n \nMicrosoft has assigned the following vulnerabilities a Critical severity rating: \n\n\n * CVE-2018-0758 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0762 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0767 - Scripting Engine Information Disclosure Vulnerability\n * CVE-2018-0769 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0770 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0772 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0773 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0774 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0775 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0776 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0777 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0778 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0780 - Scripting Engine Information Disclosure Vulnerability\n * CVE-2018-0781 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0797 - Microsoft Word Memory Corruption Vulnerability\n * CVE-2018-0800 - Scripting Engine Information Disclosure Vulnerability\nThe following is a brief description of each vulnerability. \n \n\n\n### Multiple CVEs - Scripting Engine Memory Corruption Vulnerability\n\n \nMultiple remote code execution vulnerabilities have been discovered that affect Microsoft Edge and Internet Explorer. These vulnerabilities manifest due to Internet Explorer and Edge not properly handling objects in memory. Successful exploitation of these vulnerabilities could result in an attacker obtaining the ability to execute code within the context of the current user. Scenarios where these vulnerabilities would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit this vulnerability or, in some cases, opens a Microsoft Office document that utilizes the browser rendering engine. \n \nThe following is a list of CVEs related to these vulnerabilities. \n\n\n * CVE-2018-0758\n * CVE-2018-0762\n * CVE-2018-0769\n * CVE-2018-0770\n * CVE-2018-0772\n * CVE-2018-0773\n * CVE-2018-0774\n * CVE-2018-0775\n * CVE-2018-0776\n * CVE-2018-0777\n * CVE-2018-0778\n * CVE-2018-0781\n\n### Multiple CVEs - Scripting Engine Information Disclosure Vulnerability\n\n \nTwo information disclosure vulnerabilities have been discovered that affect Microsoft Edge. These vulnerabilities manifests due to Microsoft Edge not properly handling objects in memory. These vulnerabilities could be leveraged by an attacker to obtain sensitive information from an affected system. This information could then be utilized to launch additional attacks against the system. Scenarios where these vulnerabilities would like be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit this vulnerability. \n \nThe following is a list of CVEs related to these vulnerabilities. \n\n\n * CVE-2018-0767\n * CVE-2018-0780\n * CVE-2018-0800\n\n### CVE-2018-0797 - Microsoft Word Memory Corruption Vulnerability\n\n \nA remote code execution vulnerability has been discovered that affects Microsoft Office. This vulnerability manifests due to Microsoft Office failing to properly handle RTF files. Successful exploitation of this vulnerability could result in an attacker gaining the ability to execute code within the context of the current user. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page containing a specially crafted RTF file or in email-based attacks where the user opens a specially crafted file that has been received as an email attachment. \n \n\n\n## Vulnerabilities Rated Important\n\n \nMicrosoft has assigned the following vulnerabilities an Important severity rating: \n\n\n * CVE-2018-0741 - Microsoft Color Management Information Disclosure Vulnerability\n * CVE-2018-0743 - Windows Subsystem for Linux Elevation of Privilege Vulnerability\n * CVE-2018-0744 - Windows Elevation of Privilege Vulnerability\n * CVE-2018-0745 - Windows Information Disclosure Vulnerability\n * CVE-2018-0746 - Windows Information Disclosure Vulnerability\n * CVE-2018-0747 - Windows Information Disclosure Vulnerability\n * CVE-2018-0748 - Windows Elevation of Privilege Vulnerability\n * CVE-2018-0749 - SMB Server Elevation of Privilege Vulnerability\n * CVE-2018-0750 - Windows GDI Information Disclosure Vulnerability\n * CVE-2018-0751 - Windows Elevation of Privilege Vulnerability\n * CVE-2018-0752 - Windows Elevation of Privilege Vulnerability\n * CVE-2018-0753 - Windows IPSec Denial of Service Vulnerability\n * CVE-2018-0754 - ATMFD.dll Information Disclosure Vulnerability\n * CVE-2018-0764 - .NET and .NET Core Denial Of Service Vulnerability\n * CVE-2018-0766 - Microsoft Edge Information Disclosure Vulnerability\n * CVE-2018-0768 - Scripting Engine Memory Corruption Vulnerability\n * CVE-2018-0784 - ASP.NET Core Elevation Of Privilege Vulnerability\n * CVE-2018-0786 - .NET Security Feature Bypass Vulnerability\n * CVE-2018-0788 - ATMFD.dll Information Disclosure Vulnerability\n * CVE-2018-0789 - Microsoft Office Spoofing Vulnerability\n * CVE-2018-0790 - Microsoft Office Information Disclosure Vulnerability\n * CVE-2018-0791 - Microsoft Outlook Remote Code Execution Vulnerability\n * CVE-2018-0792 - Microsoft Word Remote Code Execution\n * CVE-2018-0793 - Microsoft Outlook Remote Code Execution\n * CVE-2018-0794 - Microsoft Word Remote Code Execution\n * CVE-2018-0795 - Microsoft Office Remote Code Execution\n * CVE-2018-0796 - Microsoft Excel Remote Code Execution\n * CVE-2018-0798 - Microsoft Word Memory Corruption Vulnerability\n * CVE-2018-0799 - Microsoft Access Tampering Vulnerability\n * CVE-2018-0801 - Microsoft Office Remote Code Execution Vulnerability\n * CVE-2018-0802 - Microsoft Office Memory Corruption Vulnerability\n * CVE-2018-0803 - Microsoft Edge Elevation of Privilege Vulnerability\n * CVE-2018-0805 - Microsoft Word Remote Code Execution Vulnerability\n * CVE-2018-0806 - Microsoft Word Remote Code Execution Vulnerability\n * CVE-2018-0807 - Microsoft Word Remote Code Execution Vulnerability\n * CVE-2018-0812 - Microsoft Word Memory Corruption Vulnerability\n * CVE-2018-0818 - Scripting Engine Security Feature Bypass\n * CVE-2018-0819 - Spoofing Vulnerability in Microsoft Office for MAC\nThe following is a brief description of each vulnerability: \n \n\n\n### CVE-2018-0741 - Microsoft Color Management Information Disclosure Vulnerability\n\n \nAn information disclosure vulnerability has been discovered affecting Microsoft Graphics Component. This vulnerability manifests due to the Color Management Module (ICM32.dll) not properly handling objects in memory. Successful exploitation of this vulnerability could provide an attacker with the information required to bypass Address Space Layout Randomization (ASLR). While this vulnerability does not provide code execution, it could make it easier to successfully exploit remote code execution vulnerabilities due to the ability of the attacker to bypass ASLR. \n \n\n\n### CVE-2018-0743 - Windows Subsystem for Linux Elevation of Privilege Vulnerability\n\n \nA privilege escalation vulnerability has been discovered affecting Windows Subsystem for Linux. This vulnerability manifests due to an integer overflow present in Windows Subsystem for Linux. Successful exploitation of this vulnerability requires an authenticated local attacker to run a specially crafted program and could allow them to execute code with elevated privileges on affected systems. \n \n\n\n### CVE-2018-0744 - Windows Elevation of Privilege Vulnerability\n\n \nA privilege escalation vulnerability has been discovered affecting the Windows Kernel. This vulnerability manifests due to the Windows kernel failing to properly handle objects in memory. Successful exploitation of this vulnerability requires an authenticated local attacker to run a specially crafted program and could allow them to execute code with elevated privileges on affected systems. \n \n\n\n### Multiple CVEs - Windows Information Disclosure Vulnerability\n\n \nMultiple information disclosure vulnerabilities have been discovered affecting Windows kernel. Successful exploitation of these vulnerability could provide an attacker information required to bypass ASLR as they allows the retrieval of the memory address of kernel objects. Exploitation of these vulnerability would require an authenticated local attacker to run a specially crafted program. \n \nThe following is a list of CVEs related to these vulnerabilities. \n\n\n * CVE-2018-0745\n * CVE-2018-0746\n * CVE-2018-0747\n\n### Multiple CVEs - Windows Elevation of Privilege Vulnerability\n\n \nMultiple privilege escalation vulnerabilities have been discovered affecting the Windows kernel. These vulnerabilities manifests due to the Windows Kernel API failing to properly enforce permissions. Successful exploitation of these vulnerability would require an authenticated local attacker to execute a specially crafted program and could result in the attacker having the ability to impersonate processes, inject cross-process communications, or interrupt system functionality. \n \nThe following is a list of CVEs related to these vulnerabilities. \n\n\n * CVE-2018-0748\n * CVE-2018-0751\n * CVE-2018-0752\n\n### CVE-2018-0749 - SMB Server Elevation of Privilege Vulnerability\n\n \nA privilege escalation vulnerability has been discovered affecting Windows SMB Server. This vulnerability manifests when an attacker with valid credentials to authenticate to an affected system opens a specially crafted file locally using the SMB protocol. Successful exploitation of this vulnerability could allow an attacker to bypass certain security checks. An attacker must have valid credentials and be authenticated to the affected system. \n \n\n\n### CVE-2018-0750 - Windows GDI Information Disclosure Vulnerability\n\n \nAn information disclosure vulnerability has been discovered affecting Microsoft Graphics Component. This vulnerability manifests due to the Windows GDI component improperly disclosing kernel memory addresses. Successful exploitation of this vulnerability could result in an attacker obtaining sensitive information that could be used to further attack the system. In order to exploit this vulnerability an attacker need to log on to the affected system and execute a specially crafted program. \n \n\n\n### CVE-2018-0753 - Windows IPSec Denial of Service Vulnerability\n\n \nA denial of service vulnerability has been discovered that affects IPSec. This vulnerability manifests due to Windows improperly handling objects in memory. Successful exploitation of this vulnerability could allow an attacker to cause a system to stop responding, preventing the system from being used by authorized users. \n \n\n\n### CVE-2018-0754 - ATMFD.dll Information Disclosure Vulnerability\n\n \nAn information disclosure vulnerability exists affecting Graphics Fonts. This vulnerability manifests due to the Adobe Type Manager Font Driver (ATMFD.dll) improperly handling objects in memory. Successful exploitation of this vulnerability could allow an attacker to obtain sensitive information that could be used to further attack affected systems. Scenarios where this vulnerability would likely be exploited include an attacker opening a document containing specially crafted fonts on an affected system. \n \n\n\n### CVE-2018-0764 - .NET and .NET Core Denial Of Service Vulnerability\n\n \nA denial of service vulnerability has been discovered affecting the .NET Framework. This vulnerability manifests due to .NET and .NET core improperly processing XML documents. Successful exploitation of this vulnerability could cause a denial of service in an affected .NET application. This vulnerability could be exploited by an attacker by sending specially crafted requests to a vulnerable .NET or .NET core application. \n \n\n\n### CVE-2018-0766 - Microsoft Edge Information Disclosure Vulnerability\n\n \nAn information disclosure vulnerability have been identified that affects Microsoft Edge. This vulnerability manifests due to Microsoft Edge PDF reader improperly handling objects in memory. This vulnerability could be leveraged by an attacker to obtain information that could be used for subsequent attacks against an affected system. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious PDF hosted on an attacker controlled website. \n \n\n\n### CVE-2018-0768 - Scripting Engine Memory Corruption Vulnerability\n\n \nA remote code execution vulnerability have been discovered that affects Microsoft Edge and Internet Explorer. This vulnerability manifests due to Internet Explorer and Edge not properly handling objects in memory. Successful exploitation of this vulnerability could result in an attacker obtaining the ability to execute code within the context of the current user. Scenarios where this vulnerability would likely be exploited include web-based attacks where the user navigates to a malicious web page designed to exploit this vulnerability. \n \n\n\n### CVE-2018-0784 - ASP.NET Core Elevation Of Privilege Vulnerability\n\n \nA vulnerability have been discovered in the ASP.NET Core that could allow a privilege escalation attack to occur. This vulnerability manifests when an ASP.NET Core web application, based on a vulnerable project template, incorrectly utilizes input without first sanitizing it. An attacker who exploits this vulnerability could perform content injection attacks and run scripts in the context of the current user. Exploitation of this vulnerability could be achieved in email-based attack scenarios or via other social engineering means where the user clicks on a specially crafted link. \n \n\n\n### CVE-2018-0786 - .NET Security Feature Bypass Vulnerability\n\n \nA security feature bypass vulnerability in the Microsoft .NET Framework and .NET Core have been identified that could allow attackers to bypass certificate validation. This vulnerability manifests in the way certificates are handled where certificates marked invalid for specific use may still be used for that purpose. \n \n\n\n### CVE-2018-0788 - OpenType Font Driver Elevation of Privilege Vulnerability\n\n \nA privilege escalation vulnerability has been discovered in the Windows Adobe OpenType Font Driver. This vulnerability manifests as a result of the library incorrectly handling objects in memory. Exploitation of this vulnerability could be achieved by running a specially crafted application that exploits this flaw. \n \n\n\n### Multiple CVEs - Microsoft SharePoint Cross Site Scripting Elevation of Privilege Vulnerability\n\n \nTwo cross-site scripting vulnerabilities have been identified in Microsoft Sharepoint that could allow an attacker to perform a privilege escalation attack. These vulnerabilities manifest as a result of improper input sanitization for specially crafted web requests. An attacker who exploits these vulnerabilities would be able to run scripts in the context of the affected user, allowing the attacker to read content or perform actions based on that user's permission. \n \nThe following is a list of CVEs related to these vulnerabilities. \n\n\n * CVE-2018-0789\n * CVE-2018-0790\n\n### Multiple CVEs - Microsoft Outlook Remote Code Execution Vulnerability\n\n \nTwo remote code execution vulnerabilities have been identified in Microsoft Outlook that could allow an attacker to execute arbitrary code of their choice on targeted hosts. These vulnerabilities manifest as a result of Microsoft Outlook incorrectly parsing specially crafted emails. An attacker who sends a user a specially crafted email and socially engineers them to open a specially crafted attachment in Outlook could exploit this vulnerability. \n \nThe following is a list of CVEs related to these vulnerabilities. \n\n\n * CVE-2018-0791\n * CVE-2018-0793\n\n### Multiple CVEs - Microsoft Word Remote Code Execution Vulnerability\n\n \nMultiple arbitrary code execution vulnerabilities have been identified in Microsoft Word. These vulnerabilities manifest as a result of Microsoft Word incorrectly handing objects in memory. An attacker who exploits one of these vulnerabilities could execute arbitrary code of their choosing on targeted hosts. Scenarios where this could occur include email-based attacks or other scenarios involving social engineering where the attackers convince the user to open a specially crafted Word document. \n \nThe following is a list of CVEs related to these vulnerabilities. \n\n\n * CVE-2018-0792\n * CVE-2018-0794\n * CVE-2018-0805\n * CVE-2018-0806\n * CVE-2018-0807\n * CVE-2018-0812\n\n### CVE-2018-0796 - Microsoft Excel Remote Code Execution Vulnerability\n\n \nAn arbitrary code execution vulnerabilty have been identified in Microsoft Excel. This vulnerability manifests as a result of Microsoft Excel incorrectly handing objects in memory. An attacker who exploits this vulnerability could execute arbitrary code of their choosing on targeted hosts. Scenarios where this could occur include email-based attacks or other scenarios involving social engineering where the attackers convince the user to open a specially crafted Excel spreadsheet. \n \n\n\n### Multiple CVEs - Microsoft Office Memory Corruption Vulnerability\n\n \nMultiple arbitrary code execution vulnerabilities have been identified in Microsoft Office. These vulnerabilities manifest as a result of Microsoft Office incorrectly handing objects in memory. An attacker who exploits one of these vulnerabilities could execute arbitrary code of their choosing on targeted hosts. Scenarios where this could occur include email-based attacks or other scenarios involving social engineering where the attackers convince the user to open a specially crafted Office file. \n \nThe following is a list of CVEs related to these vulnerabilities. \n\n\n * CVE-2018-0795\n * CVE-2018-0798\n * CVE-2018-0801\n * CVE-2018-0802\n\n### CVE-2018-0799 - Microsoft Access Tampering Vulnerability\n\n \nA cross-site scripting vulnerability has been identified in Microsoft Access. This vulnerability manifests as a result of Microsoft Access incorrectly handling and sanitizing inputs to image fields editing within Design view. An attacker who exploits this vulnerability could execute arbitrary JavaScript in the context of the current user. An attacker could then read content or perform actions on behalf on the user on a remote site. Exploitation of this vulnerability could be achieved by opening a specially crafted Access file. \n \n\n\n### CVE-2018-0803 - Microsoft Edge Elevation of Privilege Vulnerability\n\n \nA vulnerability in Microsoft Edge has been identified that could result in privilege escalation if exploited. This vulnerability manifests as a result of Edge incorrectly enforcing cross-domain policies. Successful exploitation could result in a user obtaining elevated privileges. \n \n\n\n### CVE-2018-0818 - Scripting Engine Security Feature Bypass\n\n \nA security feature bypass vulnerability has been identified in Microsoft Chakra that could allow an attacker to bypass Control Flow Guard. An attacker could exploit this vulnerability by creating a specially crafted web page designed to exploit this vulnerability and convincing a user to visit the web page. \n \n\n\n### CVE-2018-0819 - Spoofing Vulnerability in Microsoft Office for Mac\n\n \nA spoofing vulnerability in Microsoft Outlook for Mac has been discovered and manifests as a result of Outlook for Mac incorrectly handling the encoding and display of email addresses. As a result, antivirus and anti-spam scanning may not work as intended. \n \n\n\n## Vulnerabilities Rated Moderate\n\n \nMicrosoft has assigned the following vulnerabilities an Moderate severity rating: \n\n\n * CVE-2018-0785 - ASP.NET Core Cross Site Request Forgery Vulnerability\nThe following is a brief description of this vulnerability: \n \n\n\n### CVE-2018-0785 - ASP.NET Core Cross Site Request Forgery Vulnerability\n\n \nA Cross Site Request Forgery (CSRF) vulnerability has been discovered affecting ASP.NET Core web applications that were created using vulnerable project templates. Successful exploitation of this vulnerability could allow an attacker to modify recovery codes associated with accounts to which the attacker should not have access to, resulting in the user being locked out of their account in situations where the user attempts to access their account after losing their 2FA device. \n \n\n\n## Coverage\n\n \nIn response to these vulnerability disclosures, Talos is releasing the following Snort rules that detect attempts to exploit them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org. \n \nSnort Rules: \n \n\n\n * 45374-45379\n * 45383-45384\n * 45387-45392\n * 45395-45396\n * 45402-45403\n \n \n\n\n[![](http://feeds.feedburner.com/~ff/feedburner/Talos?d=yIl2AUoC8zA)](<http://feeds.feedburner.com/~ff/feedburner/Talos?a=QkeaslD_R34:qiw230obZhU:yIl2AUoC8zA>)\n\n![](http://feeds.feedburner.com/~r/feedburner/Talos/~4/QkeaslD_R34)", "modified": "2018-01-09T21:36:54", "published": "2018-01-09T13:36:00", "id": "TALOSBLOG:EC1B279A70AF41A51CBB4EB4722EFA46", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/QkeaslD_R34/ms-tuesday.html", "type": "talosblog", "title": "Microsoft Patch Tuesday - January 2018", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "trendmicroblog": [{"lastseen": "2018-01-26T09:59:23", "bulletinFamily": "blog", "cvelist": ["CVE-2017-5715", "CVE-2017-5753", "CVE-2017-5754", "CVE-2018-0741", "CVE-2018-0743", "CVE-2018-0744", "CVE-2018-0745", "CVE-2018-0746", "CVE-2018-0747", "CVE-2018-0748", "CVE-2018-0749", "CVE-2018-0750", "CVE-2018-0751", "CVE-2018-0752", "CVE-2018-0753", "CVE-2018-0754", "CVE-2018-0758", "CVE-2018-0762", "CVE-2018-0764", "CVE-2018-0766", "CVE-2018-0767", "CVE-2018-0768", "CVE-2018-0769", "CVE-2018-0770", "CVE-2018-0772", "CVE-2018-0773", "CVE-2018-0774", "CVE-2018-0775", "CVE-2018-0776", "CVE-2018-0777", "CVE-2018-0778", "CVE-2018-0780", "CVE-2018-0781", "CVE-2018-0784", "CVE-2018-0785", "CVE-2018-0786", "CVE-2018-0788", "CVE-2018-0789", "CVE-2018-0790", "CVE-2018-0791", "CVE-2018-0792", "CVE-2018-0793", "CVE-2018-0794", "CVE-2018-0795", "CVE-2018-0796", "CVE-2018-0797", "CVE-2018-0798", "CVE-2018-0799", "CVE-2018-0800", "CVE-2018-0801", "CVE-2018-0802", "CVE-2018-0803", "CVE-2018-0804", "CVE-2018-0805", "CVE-2018-0806", "CVE-2018-0807", "CVE-2018-0812", "CVE-2018-0818", "CVE-2018-0819", "CVE-2018-4871"], "description": "![](https://blog.trendmicro.com/wp-content/uploads/2017/08/TippingPoint-300x205.jpg)\n\nLast week, three interesting vulnerabilities popped up on the news and security feeds. Researchers disclosed CVE-2017-5753 and CVE-2017-5715, collectively known as Spectre, and CVE-2017-5754, known as Meltdown. These vulnerabilities take advantage of \u201cspeculative execution\u201d of instructions performed by many modern microprocessors and can potentially allow an unprivileged attacker to read privileged memory allocated to the operating system kernel resulting in unintended information disclosure.\n\nIn order to exploit any of these vulnerabilities, an attacker must be able to run crafted code on an affected device. Trend Micro\u2019s TippingPoint devices are closed systems that only allow our trusted code to be executed. The underlying CPU and OS combination in the TippingPoint devices may be affected by these vulnerabilities; however, because our systems are closed with an inability to run arbitrary code, there is no vector to exploit. As of the writing of this blog, there are no known attacks that impact TippingPoint products. Our team will continue to monitor the situation and inform our customers of any updates.\n\nOn January 5, 2018, we released DV filter 30191 outside of our normal schedule to provide protection against a published remote JavaScript exploit of the Spectre vulnerability. Our team will continue to monitor the situation and will release additional filters as needed. Customers with concerns or further questions can contact the Trend Micro TippingPoint Technical Assistance Center (TAC). If you have other Trend Micro solutions, you can visit [Trend Micro Business Support](<https://success.trendmicro.com/solution/1119183-important-information-for-trend-micro-solutions-and-microsoft-january-2018-security-updates>) to get additional information.\n\n**TippingPoint Product Updates**\n\nEarlier this week, we released the following new releases for TippingPoint products:\n\n__Security Management System (SMS) Patches__\n\nThe following patches include minor enhancements, bug fixes and address security issues:\n\n**SMS Version** | **Patch** | **Software** \n---|---|--- \nSMS v4.4.0 | 2 | SMS_Patch-4.4.0.57192.2.pkg \nSMS v4.5.0 | 1 | SMS_Patch-4.5.0.98012.1.pkg \nSMS v4.6.0 | 1 | SMS_Patch-4.6.0.101914.1.pkg \nSMS v5.0.0 | 1 | SMS_Patch-5.0.0.106258.1.pkg \n \n \n\n__TippingPoint Operating System (TOS) v5.0.1 for Threat Protection System (TPS)__\n\nVersion 5.0.1 build 4821 has been released for the TPS family (vTPS, 440T, 2200T, 8200TX, 8400TX) of devices.\n\nTOS version 5.0.1.4821 will be released to manufacturing on March 31, 2018. All TPS family hardware appliances (440T, 2200T, 8200TX, 8400TX) will be manufactured with 5.0.1.4821 as January 9, 2018. This TOS release improves the overall security of the TPS and vTPS security devices, and resolves a number of issues.\n\nFor the complete list of enhancements and changes, customers can refer to the product release notes located on the [Threat Management Center (TMC) website](<https://tmc.tippingpoint.com/>) or contact the TippingPoint Technical Assistance Center (TAC) for questions or technical assistance.\n\n**Microsoft Updates**\n\nDue to the Meltdown and Spectre vulnerabilities, Microsoft issued an out-of-band update. The following table maps Digital Vaccine filters to the Microsoft updates issued on January 3, 2018:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2018-0741 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0743 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0744 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0745 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0746 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0747 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0748 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0749 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0750 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0751 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0752 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0753 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0754 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0758 | 30160 | \nCVE-2018-0762 | 30167 | \nCVE-2018-0766 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0767 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0768 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0769 | 30168 | \nCVE-2018-0770 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0772 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0773 | 30169 | \nCVE-2018-0774 | 30185 | \nCVE-2018-0775 | 30186 | \nCVE-2018-0776 | 30164 | \nCVE-2018-0777 | 30162 | \nCVE-2018-0778 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0780 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0781 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0788 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0800 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0803 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0818 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n \n\nThis week\u2019s Digital Vaccine\u00ae (DV) package includes coverage for Microsoft updates released on or before January 9, 2018. Security patches were released by Microsoft covering Internet Explorer (IE), Microsoft Edge, ChakraCore, Microsoft Windows, Microsoft Office, ASP.NET, and the .NET Framework. The following table maps Digital Vaccine filters to the Microsoft updates. You can get more detailed information on this month\u2019s security updates from Dustin Childs\u2019 [January 2018 Security Update Review](<https://www.zerodayinitiative.com/blog/2018/1/9/the-january-2018-security-update-review>) from the Zero Day Initiative:\n\n**CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|--- \nCVE-2018-0764 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0784 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0785 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0786 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0789 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0790 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0791 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0792 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0793 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0794 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0795 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0796 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0797 | 30163 | \nCVE-2018-0798 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0799 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0801 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0802 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0804 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0805 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0806 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0807 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0812 | | Vendor Deemed Reproducibility or Exploitation Unlikely \nCVE-2018-0819 | | Vendor Deemed Reproducibility or Exploitation Unlikely \n \n \n\n**Adobe Security Update**\n\nThis week\u2019s Digital Vaccine\u00ae (DV) package also includes coverage for Adobe updates released on or before January 9, 2018. The following table maps Digital Vaccine filters to the Adobe updates.\n\n**Bulletin #** | **CVE #** | **Digital Vaccine Filter #** | **Status** \n---|---|---|--- \nAPSB18-01 | CVE-2018-4871 | 30201 | \n \n \n\n**Zero-Day Filters**\n\nThere are five new zero-day filters covering one vendor in this week\u2019s Digital Vaccine (DV) package. A number of existing filters in this week\u2019s DV package were modified to update the filter description, update specific filter deployment recommendation, increase filter accuracy and/or optimize performance. You can browse the list of [published advisories](<http://www.zerodayinitiative.com/advisories/published/>) and [upcoming advisories](<http://www.zerodayinitiative.com/advisories/upcoming/>) on the [Zero Day Initiative](<http://www.zerodayinitiative.com/>) website. You can also follow the Zero Day Initiative on Twitter [@thezdi](<https://twitter.com/thezdi>) and on their [blog](<https://www.zerodayinitiative.com/blog>).\n\n**_Adobe (5)_**\n\n| \n\n * 29948: ZDI-CAN-5154: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29962: ZDI-CAN-5210: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29967: ZDI-CAN-5223: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29971: ZDI-CAN-5227: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC)\n * 29973: ZDI-CAN-5239: Zero Day Initiative Vulnerability (Adobe Acrobat Pro DC) \n---|--- \n| \n \n**Missed Last Week\u2019s News?**\n\nCatch up on last week\u2019s news in my [weekly recap](<http://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-january-1-2018/>).", "modified": "2018-01-12T15:09:44", "published": "2018-01-12T15:09:44", "href": "https://blog.trendmicro.com/tippingpoint-threat-intelligence-zero-day-coverage-week-january-8-2018/", "id": "TRENDMICROBLOG:6A0454A8A4891A1004496709868EC034", "type": "trendmicroblog", "title": "TippingPoint Threat Intelligence and Zero-Day Coverage \u2013 Week of January 8, 2018", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}