Description
.NET Framework Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
To exploit the vulnerability, an attacker would first need to convince the user to open a malicious document or application.
The security update addresses the vulnerability by correcting how .NET validates untrusted input.
FAQ
How do I determine which version of Microsoft .NET Framework is installed on my system?
You can install and run multiple versions of .NET Framework on a system, and you can install the versions in any order. For more information, see Microsoft Knowledge Base Article 318785.
How do I locate the updates for the versions of .NET Framework installed on my system?
The download links in the Affected Products table are to the Parent KB number in the Microsoft Update Catalog. To locate the packages you need to download, in the Microsoft Update Catalog, click Download for the platform you have installed on your system. In the Download window, click to download each update that is applicable to your system.
Customers who have updates automatically installed will be offered the Parent KB; however, the package KB numbers listed for each platform will be displayed in Add Remove Programs.
The following table lists the Parent KB numbers for the Monthly Rollup Releases and the Security Only Releases, and the package KB numbers they contain. For more information about Microsoft's update servicing model for Microsoft .NET Framework, see this Microsoft .NET Blog Post.
Platform | Monthly Rollup Parent KB | Monthly Rollup Child KBs | Security Only Parent KB | Security Only Child KBs |
---|---|---|---|---|
Windows Server 2008 | 4041086 | 4040978 - .NET Framework 2.0; 4040977 - .NET Framework 4.5.2; 4040973 - .NET Framework 4.6 | 4041093 | 4040964 - .NET Framework 2.0; 4040960 - .NET Framework 4.5.2; 4040957 - .NET Framework 4.6 |
Windows 7, Windows Server 2008 R2 | 4041083 | 4040980 - .NET Framework 3.5.1; 4040977 - .NET Framework 4.5.2; 4040973 - .NET Framework 4.6/4.6.1/4.6.2/4.7 | 4041090 | 4040966 - .NET Framework 3.5.1; 4040960 - .NET Framework 4.5.2; 4040957 - .NET Framework 4.6/4.6.1/4.6.2/4.7 |
Windows Server 2012 | 4041084 | 4040979 - .NET Framework 3.5; 4040975 - .NET Framework 4.5.2; 4040971 - .NET Framework 4.6/4.6.1/4.6.2/4.7 | 4041091 | 4040965 - .NET Framework 3.5; 4040959 - .NET Framework 4.5.2; 4040955 - .NET Framework 4.6/4.6.1/4.6.2/4.7 |
Windows 8.1, Windows Server 2012 R2 | 4041085 | 4040981 - .NET Framework 3.5; 4040974 - .NET Framework 4.5.2; 4040972 - .NET Framework 4.6/4.6.1/4.6.2/4.7 | 4041092 | 4040967 - .NET Framework 3.5; 4040958 - .NET Framework 4.5.2; 4040956 - .NET Framework 4.6/4.6.1/4.6.2/4.7 |

Windows 10 Platforms | Parent KB | .NET Framework Product | Security Only Release |
---|---|---|---|
Windows 10 | 4038781 | .NET Framework 3.5; .NET Framework 4.6 | None |
Windows 10 Version 1511 | 4038783 | .NET Framework 3.5; .NET Framework 4.6.1 | None |
Windows 10 Version 1607 | 4038782 | .NET Framework 3.5; .NET Framework 4.6.2/4.7 | None |
Windows Server 2016 | 4038782 | .NET Framework 3.5; .NET Framework 4.6.2/4.7 | None |
Windows 10 Version 1703 | 4038788 | .NET Framework 3.5; .NET Framework 4.7 | None |
Updates
Product | Article | Update |
---|---|---|
Microsoft .NET Framework 4.6.2/4.7 on Windows 10 Version 1607 for 32-bit Systems | ||
Microsoft .NET Framework 4.6.2/4.7 on Windows 10 Version 1607 for x64-based Systems | ||
Microsoft .NET Framework 4.6.2/4.7 on Windows Server 2016 | ||
Microsoft .NET Framework 4.6.2/4.7 on Windows Server 2016 (Server Core installation) | ||
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 7 for 32-bit Systems Service Pack 1 | ||
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 7 for x64-based Systems Service Pack 1 | ||
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 8.1 for 32-bit systems | ||
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows 8.1 for x64-based systems | ||
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows RT 8.1 | ||
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7 on Windows Server 2008 R2 for x64-based Systems Service Pack 1 |
Exploitability
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
EPSS
Related vulnerabilities
Microsoft .NET Framework 2.0, 3.5, 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2 and 4.7 allow an attacker to execute code remotely via a malicious document or application, aka ".NET Framework Remote Code Execution Vulnerability."
Vulnerability in the SOAP WSDL (Web Services Description Language) Parser module of the Microsoft .NET Framework software platform that allows an attacker to execute arbitrary code