Rewterz Threat Advisory – CVE-2019-0545 – Microsoft .NET Framework Security Bypass Vulnerability

Thursday, January 10, 2019

SEVERITY: Medium

 

 

ANALYSIS SUMMARY

 

 

CVE-2019-0545
An information disclosure vulnerability exists in .NET Framework and .NET Core which allows bypassing Cross-origin Resource Sharing (CORS) configurations, which is a security bypass.

 

 

IMPACT

 

 

Security bypass
Information disclosure

 

 

AFFECTED PRODUCTS

 

 

Microsoft .NET Framework 2.0
Microsoft .NET Framework 3.0
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
.NET Core 2.2

 

 

REMEDIATION

 

 

Vendor has released updates for the following products.

Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (KB4480076):
Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4480076):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480076

 

Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2 (KB4480072):
Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4480072):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480072

 

Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2
(KB4480084):
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2 (KB4480084):
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4480084):
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2
(KB4480084):
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2
(KB4480084):
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4480084):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480084

 

Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 (KB4480085):
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core
installation) (KB4480085):
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4480085):
Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 (KB4480085):
Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 (KB4480085):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480085

 

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (KB4480070):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)
(KB4480070):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480070

 

Microsoft .NET Framework 4.5.2 on Windows Server 2012 (KB4480075):
Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation) (KB4480075):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480075

 

Microsoft .NET Framework 3.5 on Windows Server 2012 (KB4480083):
Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) (KB4480083):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480083

 

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 (KB4480063):
Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 (KB4480063):
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core
installation) (KB4480063):
Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4480063):
Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 (KB4480063):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480063

 

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (KB4480051):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation)
(KB4480051):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480051

 

Microsoft .NET Framework 4.5.2 on Windows Server 2012 (KB4480058):
Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation) (KB4480058):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480058

 

Microsoft .NET Framework 3.5 on Windows Server 2012 (KB4480061):
Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) (KB4480061):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480061

 

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1 (KB4480054):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for x64-based systems (KB4480054):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (KB4480054):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation)
(KB4480054):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems (KB4480054):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480054

 

Microsoft .NET Framework 4.5.2 on Windows RT 8.1 (KB4480057):
Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based systems (KB4480057):
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (KB4480057):
Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (Server Core installation) (KB4480057):
Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit systems (KB4480057):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480057

 

Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems (KB4481484, KB4480064):
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (KB4481484, KB4480064):
Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) (KB4481484, KB4480064):
Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems (KB4481484, KB4480064):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4481484

 

Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2
(KB4480062):
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for Itanium-Based Systems Service Pack 2
(KB4480062):
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2
(KB4480062):
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for x64-based Systems Service Pack 2
(KB4480062):
Microsoft .NET Framework 3.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4480062):
Microsoft .NET Framework 2.0 Service Pack 2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4480062):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480062

 

Microsoft .NET Framework 4.6/4.6.1/4.6.2 on Windows 10 for 32-bit Systems (KB4480962):
Microsoft .NET Framework 3.5 on Windows 10 for 32-bit Systems (KB4480962):
Microsoft .NET Framework 4.6/4.6.1/4.6.2 on Windows 10 for x64-based Systems (KB4480962):
Microsoft .NET Framework 3.5 on Windows 10 for x64-based Systems (KB4480962):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480962

 

Microsoft .NET Framework 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems (KB4480978):
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for 32-bit Systems (KB4480978):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480978

 

Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (KB4480961):
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems (KB4480961):
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) (KB4480961):
Microsoft .NET Framework 3.5 on Windows Server 2016 (KB4480961):
Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for x64-based Systems (KB4480961):
Microsoft .NET Framework 3.5 on Windows Server 2016 (Server Core installation) (KB4480961):
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems (KB4480961):
Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for 32-bit Systems (KB4480961):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480961

 

Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for ARM64-based Systems (KB4480966):
Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for ARM64-based Systems (KB4480966):
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for x64-based Systems (KB4480966):
Microsoft .NET Framework 4.7.2 on Windows Server, version 1803 (Server Core Installation) (KB4480966):
Microsoft .NET Framework 4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation) (KB4480966):
Microsoft .NET Framework 3.5 on Windows Server, version 1709 (Server Core Installation) (KB4480966):
Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for x64-based Systems (KB4480966):
Microsoft .NET Framework 3.5 on Windows Server, version 1803 (Server Core Installation) (KB4480966):
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for 32-bit Systems (KB4480966):
Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for 32-bit Systems (KB4480966):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480966

 

Microsoft .NET Framework 4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems (KB4480973):
Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for x64-based Systems (KB4480973):
Microsoft .NET Framework 4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems (KB4480973):
Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for 32-bit Systems (KB4480973):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480973

 

Microsoft .NET Framework 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems (KB4480978):
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for ARM64-based Systems (KB4480978):
Microsoft .NET Framework 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems (KB4480978):
Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for x64-based Systems (KB4480978):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480978

 

Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for x64-based Systems (KB4480056):
Microsoft .NET Framework 4.7.2 on Windows Server 2019 (KB4480056):
Microsoft .NET Framework 4.7.2 on Windows Server 2019 (Server Core installation) (KB4480056):
Microsoft .NET Framework 3.5 on Windows 10 Version 1809 for x64-based Systems (KB4480056):
Microsoft .NET Framework 3.5 on Windows Server 2019 (KB4480056):
Microsoft .NET Framework 3.5 on Windows Server 2019 (Server Core installation) (KB4480056):
Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for 32-bit Systems (KB4480056):
Microsoft .NET Framework 3.5 on Windows 10 Version 1809 for 32-bit Systems (KB4480056):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480056

 

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 (KB4480055):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1
(KB4480055):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (KB4480055):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4480055):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480055

 

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 (KB4480072):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1
(KB4480072):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (KB4480072):
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4480072):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480072

 

Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1 (KB4480059):
Microsoft .NET Framework 4.5.2 on Windows 7 for x64-based Systems Service Pack 1 (KB4480059):
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core
installation) (KB4480059):
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4480059):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480059

 

Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1 (KB4480076):
Microsoft .NET Framework 4.5.2 on Windows 7 for x64-based Systems Service Pack 1 (KB4480076):
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core
installation) (KB4480076):
Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4480076):
https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4480076

Data Sheets

Corporate Brochure


Our Story


Services


Solutions


Managed Security


Upcoming Rewterz Trainings/Events

Rewterz News

  • 21, January 2019 Rewterz Threat Advisory – CVE-2018-15439 – Cisco Small Business Switches Privileged Access Vulnerability
  • 17, January 2019 Rewterz Threat Advisory – CVE-2019-2550 & CVE-2019-2549 – Oracle FLEXCUBE Direct Banking “Logoff Page” Vulnerabilities
  • 17, January 2019 Rewterz Threat Advisory – Oracle Enterprise Manager for Virtualization Multiple Vulnerabilities
  • 17, January 2019 Rewterz Threat Advisory – CVE-2019-2414 – Oracle HTTP Server “Web Listener” Privilege Escalation Vulnerability

Copyright © Rewterz. All rights reserved.