Описание
.NET Framework Remote Code Execution Vulnerability
A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system.
To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application.
The security update addresses the vulnerability by correcting how .NET Framework processes input.
FAQ
Why are there two Security Updates for Windows 10 version 1809 and Windows Server 2019?
Both updates address this vulnerability in Microsoft .NET Framework 3.5. However, Windows 10 version 1809 or Windows Server 2019 has either .NET Framework 4.7.2 or .NET Framework 4.8 installed in addition to .NET Framework 3.5. The updates for these versions of .NET Framework are bundled in the same update as .NET Framework 3.5. Customers running Windows 10 version 1809 or Server 2019 need to install the update that applies to the 4.X version of .NET installed on their system.
Обновления
| Продукт | Статья | Обновление |
|---|---|---|
| Microsoft .NET Framework 3.5 on Windows 10 Version 1909 for x64-based Systems | ||
| Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for 32-bit Systems | ||
| Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for x64-based Systems | ||
| Microsoft .NET Framework 3.5 on Windows 10 Version 1903 for ARM64-based Systems | ||
| Microsoft .NET Framework 3.5 on Windows Server, version 1903 (Server Core installation) | ||
| Microsoft .NET Framework 3.5 on Windows 10 Version 1909 for 32-bit Systems | ||
| Microsoft .NET Framework 3.5 on Windows 10 Version 1909 for ARM64-based Systems | ||
| Microsoft .NET Framework 3.5 on Windows Server, version 1909 (Server Core installation) | ||
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 (Server Core installation) | ||
| Microsoft .NET Framework 3.5 AND 4.8 on Windows Server 2019 |
Показывать по
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
Older Software Release
DOS
EPSS
Связанные уязвимости
A remote code execution vulnerability exists when Microsoft .NET Framework processes input. An attacker who successfully exploited this vulnerability could take control of an affected system. To exploit the vulnerability, an attacker would need to be able to upload a specially crafted file to a web application. The security update addresses the vulnerability by correcting how .NET Framework processes input.
A remote code execution vulnerability exists when Microsoft .NET Framework processes input, aka '.NET Framework Remote Code Execution Vulnerability'.
Уязвимость программной платформы Microsoft .NET Framework, существующая из-за недостаточной проверки входных данных, позволяющая нарушителю выполнить произвольный код
EPSS