Microsoft .NET Framework 的安全更新(2023 年 8 月)
high Nessus 插件 ID 179664
语言:
简介
远程主机上安装的 Microsoft .NET Framework 缺少安全更新。描述
远程主机上安装的 Microsoft .NET Framework 缺少安全更新。因此该主机会受到多个漏洞的影响,具体如下:- 在 IIS 上运行的应用程序会使用父级应用程序的应用程序池,这些应用程序存在远程代码执行漏洞,可导致特权提升和其他安全性绕过问题。(CVE-2023-36899)
- 欺骗漏洞,未经认证的远程攻击者可在没有有效代码签名证书的情况下签署 ClickOnce 部署。(CVE-2023-36873)
解决方案
Microsoft 已发布用于 Microsoft .NET Framework 的安全更新。另见
http://www.nessus.org/u?31a7e1cb
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36873
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36899
https://support.microsoft.com/en-us/help/5028946
https://support.microsoft.com/en-us/help/5028947
https://support.microsoft.com/en-us/help/5028948
https://support.microsoft.com/en-us/help/5028950
https://support.microsoft.com/en-us/help/5028951
https://support.microsoft.com/en-us/help/5028952
https://support.microsoft.com/en-us/help/5028953
https://support.microsoft.com/en-us/help/5028954
https://support.microsoft.com/en-us/help/5028955
https://support.microsoft.com/en-us/help/5028956
https://support.microsoft.com/en-us/help/5028957
https://support.microsoft.com/en-us/help/5028958
https://support.microsoft.com/en-us/help/5028960
https://support.microsoft.com/en-us/help/5028961
https://support.microsoft.com/en-us/help/5028962
https://support.microsoft.com/en-us/help/5028963
https://support.microsoft.com/en-us/help/5028967
https://support.microsoft.com/en-us/help/5028968
https://support.microsoft.com/en-us/help/5028969
https://support.microsoft.com/en-us/help/5028970
https://support.microsoft.com/en-us/help/5028973
https://support.microsoft.com/en-us/help/5028974
https://support.microsoft.com/en-us/help/5028975
https://support.microsoft.com/en-us/help/5028976
https://support.microsoft.com/en-us/help/5028977
https://support.microsoft.com/en-us/help/5028978
https://support.microsoft.com/en-us/help/5028979
https://support.microsoft.com/en-us/help/5028980
插件详情
严重性: High
ID: 179664
文件名: smb_nt_ms23_aug_dotnet.nasl
版本: 1.3
类型: local
代理: windows
发布时间: 2023/8/10
最近更新时间: 2023/9/15
支持的传感器: Nessus
风险信息
VPR
风险因素: Medium
分数: 6.7
CVSS v2
风险因素: High
基本分数: 9
时间分数: 7
矢量: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS 分数来源: CVE-2023-36899
CVSS v3
风险因素: High
基本分数: 8.8
时间分数: 7.9
矢量: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
时间矢量: CVSS:3.0/E:P/RL:O/RC:C
漏洞信息
CPE: cpe:/a:microsoft:.net_framework
必需的 KB 项: SMB/MS_Bulletin_Checks/Possible
可利用: true
易利用性: Exploits are available
补丁发布日期: 2023/8/8
漏洞发布日期: 2023/8/8
参考资料信息
CVE: CVE-2023-36873, CVE-2023-36899
IAVA: 2023-A-0406-S
MSFT: MS23-5028946, MS23-5028947, MS23-5028948, MS23-5028950, MS23-5028951, MS23-5028952, MS23-5028953, MS23-5028954, MS23-5028955, MS23-5028956, MS23-5028957, MS23-5028958, MS23-5028960, MS23-5028961, MS23-5028962, MS23-5028963, MS23-5028967, MS23-5028968, MS23-5028969, MS23-5028970, MS23-5028973, MS23-5028974, MS23-5028975, MS23-5028976, MS23-5028977, MS23-5028978, MS23-5028979, MS23-5028980, MS23-5028981, MS23-5028982
MSKB: 5028946, 5028947, 5028948, 5028950, 5028951, 5028952, 5028953, 5028954, 5028955, 5028956, 5028957, 5028958, 5028960, 5028961, 5028962, 5028963, 5028967, 5028968, 5028969, 5028970, 5028973, 5028974, 5028975, 5028976, 5028977, 5028978, 5028979, 5028980, 5028981, 5028982