• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Advisory – Microsoft Internet Explorer Multiple Vulnerabilities
December 14, 2018
Rewterz Threat Advisory – Microsoft Windows Server 2019 Multiple Vulnerabilities
December 17, 2018

Rewterz Threat Advisory – Microsoft .NET Framework Multiple Vulnerabilities

December 17, 2018

SEVERITY: High

 

 

CATEGORY: Vulnerability

 

 

PUBLISH DATE: December 17, 2018

 

 

ANALYSIS SUMMARY:

 

 

Two vulnerabilities have been found in Microsoft .NET Framework, which can be exploited by malicious people to cause Denial of Service or execute arbitrary code.

 

CVE-2018-8517: Microsoft .NET framework has an error when handling special web requests. The flaw can be exploited to cause a DoS condition.

 

CVE-2018-8540: An error in Microsoft .NET framework leads to failure of proper input validation, and can be exploited to inject and execute arbitrary code.

 

IMPACT:

 

 

System Access, Denial of Service

 

 

AFFECTED VENDORS:

 

Microsoft

 

 

AFFECTED PRODUCTS:

 

Microsoft .NET Framework 3.x

Microsoft .NET Framework 4.x

 

 

REMEDIATION

 

 

Apply update.

 

Microsoft .NET Framework 4.5.2 on Windows Server 2012 (KB4471982, KB4470492):

Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation) (KB4471982, KB4470492):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471982

 

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (KB4471982, KB4470498):

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) (KB4471982, KB4470498):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471982

 

Microsoft .NET Framework 3.5 on Windows Server 2012 (KB4471982, KB4470601):
Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) (KB4471982, KB4470601):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471982

 

Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2 (KB4471984, KB4470500):

Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4471984, KB4470500):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471984

 

 

Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 (KB4471981, KB4470600):

Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 (KB4471981, KB4470600): Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (KB4471981, KB4470600):

Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4471981, KB4470600):

Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 (KB4471981, KB4470600):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471981

 

 

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems (KB4471983, KB4470499):

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (KB4471983, KB4470499):

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) (KB4471983, KB4470499):

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems (KB4471983, KB4470499):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471983

 

 

Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based systems (KB4471983, KB4470491):

Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (KB4471983, KB4470491):

Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (Server Core installation) (KB4471983, KB4470491):

Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit systems (KB4471983, KB4470491):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471983

 

Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems (KB4471983, KB4470602):

Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (KB4471983, KB4470602):

Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) (KB4471983, KB4470602):

Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems (KB4471983, KB4470602):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471983

 

 

Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4471990, KB4470637):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471990

 

 

Microsoft .NET Framework 4.6 on Windows Server 2008 for x64-based Systems Service Pack 2 (KB4471990, KB4470640):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471990

 

 

Microsoft .NET Framework 3.5.1 on Windows 7 for x64-based Systems Service Pack 1 (KB4471987, KB4470641):

Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (KB4471987, KB4470641):

Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4471987, KB4470641):

Microsoft .NET Framework 3.5.1 on Windows Server 2008 R2 for Itanium-Based Systems Service Pack 1 (KB4471987, KB4470641):

Microsoft .NET Framework 3.5.1 on Windows 7 for 32-bit Systems Service Pack 1 (KB4471987, KB4470641):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471987

 

 

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (KB4471988, KB4470638):

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 (Server Core installation) (KB4471988, KB4470638):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471988

 

 

Microsoft .NET Framework 4.5.2 on Windows Server 2012 (KB4471988, KB4470623):

Microsoft .NET Framework 4.5.2 on Windows Server 2012 (Server Core installation) (KB4471988, KB4470623):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471988

 

 

Microsoft .NET Framework 3.5 on Windows Server 2012 (KB4471988, KB4470629):

Microsoft .NET Framework 3.5 on Windows Server 2012 (Server Core installation) (KB4471988, KB4470629):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471988

 

 

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows RT 8.1 (KB4471989, KB4470639):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471989

 

 

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for x64-based systems (KB4471989, KB4470639):

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (KB4471989, KB4470639):

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2012 R2 (Server Core installation) (KB4471989, KB4470639):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471989

 

 

Microsoft .NET Framework 4.5.2 on Windows RT 8.1 (KB4470622):

Apply update (please see the vendor’s service database for details).

 

 

Microsoft .NET Framework 4.5.2 on Windows 8.1 for x64-based systems (KB4471989, KB4470622):

Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (KB4471989, KB4470622):

Microsoft .NET Framework 4.5.2 on Windows Server 2012 R2 (Server Core installation) (KB4471989, KB4470622):

Microsoft .NET Framework 4.5.2 on Windows 8.1 for 32-bit systems (KB4471989, KB4470622):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471989

 

 

Microsoft .NET Framework 3.5 on Windows 8.1 for x64-based systems (KB4471989, KB4470630):

Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (KB4471989, KB4470630):

Microsoft .NET Framework 3.5 on Windows Server 2012 R2 (Server Core installation) (KB4471989, KB4470630):

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems (KB4471989, KB4470630):

Microsoft .NET Framework 3.5 on Windows 8.1 for 32-bit systems (KB4471989, KB4470630):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471989

 

 

Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (KB4471321):

Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for x64-based Systems (KB4471321):

Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows Server 2016 (Server Core installation) (KB4471321):

Microsoft .NET Framework 3.5 on Windows Server 2016 (KB4471321):

Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for x64-based Systems (KB4471321):

Microsoft .NET Framework 3.5 on Windows Server 2016 (Server Core installation) (KB4471321):

Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 on Windows 10 Version 1607 for 32-bit Systems (KB4471321):

Microsoft .NET Framework 3.5 on Windows 10 Version 1607 for 32-bit Systems (KB4471321):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471321

 

 

 

Microsoft .NET Framework 4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for x64-based Systems (KB4471327):

Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for x64-based Systems (KB4471327):

Microsoft .NET Framework 4.7/4.7.1/4.7.2 on Windows 10 Version 1703 for 32-bit Systems (KB4471327):

Microsoft .NET Framework 3.5 on Windows 10 Version 1703 for 32-bit Systems (KB4471327):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471327

 

 

 

Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for x64-based Systems (KB4470502):

Microsoft .NET Framework 4.7.2 on Windows Server 2019 (KB4470502):

Microsoft .NET Framework 4.7.2 on Windows Server 2019 (Server Core installation) (KB4470502):

Microsoft .NET Framework 3.5 on Windows 10 Version 1809 for x64-based Systems (KB4470502):

Microsoft .NET Framework 3.5 on Windows Server 2019 (KB4470502):

Microsoft .NET Framework 3.5 on Windows Server 2019 (Server Core installation) (KB4470502):

Microsoft .NET Framework 4.7.2 on Windows 10 Version 1809 for 32-bit Systems (KB4470502):

Microsoft .NET Framework 3.5 on Windows 10 Version 1809 for 32-bit Systems (KB4470502):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4470502

 

 

 

Microsoft .NET Framework 4.7.1/4.7.2 on Windows 10 Version 1709 for 32-bit Systems (KB4471329):

Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for 32-bit Systems (KB4471329):

Microsoft .NET Framework 4.7.1/4.7.2 on Windows 10 Version 1709 for x64-based Systems (KB4471329):

Microsoft .NET Framework 4.7.1/4.7.2 on Windows Server, version 1709 (Server Core Installation) (KB4471329):

Microsoft .NET Framework 3.5 on Windows 10 Version 1709 for x64-based Systems (KB4471329):

Microsoft .NET Framework 3.5 on Windows Server, version 1709 (Server Core Installation) (KB4471329):

Microsoft .NET Framework 4.7.1/4.7.2 on Windows 10 Version 1709 for ARM64-based Systems (KB4471329):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471329

 

 

 

Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for 32-bit Systems (KB4471324):

Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for 32-bit Systems (KB4471324):

Microsoft .NET Framework 4.7.2 on Windows 10 Version 1803 for x64-based Systems (KB4471324):

Microsoft .NET Framework 4.7.2 on Windows Server, version 1803 (Server Core Installation) (KB4471324):

Microsoft .NET Framework 3.5 on Windows 10 Version 1803 for x64-based Systems (KB4471324):

Microsoft .NET Framework 3.5 on Windows Server, version 1803 (Server Core Installation) (KB4471324):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471324

 

 

Microsoft .NET Framework 4.5.2 on Windows 7 for x64-based Systems Service Pack 1 (KB4471987, KB4470637):

Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (KB4471987, KB4470637):

Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4471987, KB4470637):

Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4471987, KB4470637):

Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (KB4471987, KB4470637):

Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1 (KB4471987, KB4470637):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471987

 

 

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 (KB4471987, KB4470640):

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (KB4471987, KB4470640):

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4471987, KB4470640):

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 (KB4471987, KB4470640):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471987

 

 

 

Microsoft .NET Framework 4.5.2 on Windows 7 for x64-based Systems Service Pack 1 (KB4471981, KB4470493):

Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (KB4471981, KB4470493):

Microsoft .NET Framework 4.5.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4471981, KB4470493):

Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4471981, KB4470493):

Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (KB4471981, KB4470493):

Microsoft .NET Framework 4.5.2 on Windows 7 for 32-bit Systems Service Pack 1 (KB4471981, KB4470493):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471981

 

 

 

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for x64-based Systems Service Pack 1 (KB4471984, KB4470500):

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (KB4471984, KB4470500):

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4471984, KB4470500):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471984

 

 

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 7 for 32-bit Systems Service Pack 1 (KB4471981, KB4470500):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471981

 

 

Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (KB4471984, KB4470493):

Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4471984, KB4470493):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471984

 

 

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (KB4471981, KB4470600):

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4471981, KB4470600):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471981

 

 

 

Microsoft .NET Framework 4.5.2 on Windows Server 2008 for x64-based Systems Service Pack 2 (KB4471990, KB4470637):

Microsoft .NET Framework 4.5.2 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4471990, KB4470637):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471990

 

 

Microsoft .NET Framework 4.6 on Windows Server 2008 for 32-bit Systems Service Pack 2 (KB4471990, KB4470640):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471990

 

 

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation) (KB4471987, KB4470641):

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 (KB4471987, KB4470641):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471987

 

 

Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2 on Windows 8.1 for 32-bit systems (KB4471989, KB4470639):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471989

 

 

Microsoft .NET Framework 4.6.2 on Windows 10 for x64-based Systems (KB4471323):

Microsoft .NET Framework 3.5 on Windows 10 for x64-based Systems (KB4471323):

Microsoft .NET Framework 4.6.2 on Windows 10 for 32-bit Systems (KB4471323):

Microsoft .NET Framework 3.5 on Windows 10 for 32-bit Systems (KB4471323):

https://catalog.update.microsoft.com/v7/site/Search.aspx?q=KB4471323

 

Note: Security updates for Windows RT 8.1, Windows Server 2016, and Windows 10 are available via e.g. Windows Update or Windows Update Catalog only.

  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.