Microsoft .NET Framework 的安全性更新 (2023 年 9 月)
high Nessus Plugin ID 181375
語系:
概要
遠端主機上安裝的 Microsoft .NET Framework 缺少安全性更新。說明
遠端主機上安裝的 Microsoft .NET Framework 缺少安全性更新。因此,會受到如下多個弱點影響:- DiaSymReader.dll 中有多個弱點,剖析損毀的 PDB 可導致遠端程式碼執行。(CVE-2023-36792、CVE-2023-36793、CVE-2023-36794 CVE-2023-36796)
- WPF XML 剖析器中有一個弱點,未沙箱化的剖析器可導致遠端程式碼執行。
(CVE-2023-36788)
解決方案
Microsoft 已經發佈 Microsoft .NET Framework 適用的安全性更新。另請參閱
http://www.nessus.org/u?3bbdfd35
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36788
https://support.microsoft.com/en-us/help/5029942
https://support.microsoft.com/en-us/help/5029943
https://support.microsoft.com/en-us/help/5029944
https://support.microsoft.com/en-us/help/5029945
https://support.microsoft.com/en-us/help/5029946
https://support.microsoft.com/en-us/help/5029947
https://support.microsoft.com/en-us/help/5029948
https://support.microsoft.com/en-us/help/5030030
https://support.microsoft.com/en-us/help/5030160
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796
https://support.microsoft.com/en-us/help/5029915
https://support.microsoft.com/en-us/help/5029916
https://support.microsoft.com/en-us/help/5029917
https://support.microsoft.com/en-us/help/5029919
https://support.microsoft.com/en-us/help/5029920
https://support.microsoft.com/en-us/help/5029921
https://support.microsoft.com/en-us/help/5029922
https://support.microsoft.com/en-us/help/5029923
https://support.microsoft.com/en-us/help/5029924
https://support.microsoft.com/en-us/help/5029925
https://support.microsoft.com/en-us/help/5029926
https://support.microsoft.com/en-us/help/5029927
https://support.microsoft.com/en-us/help/5029928
https://support.microsoft.com/en-us/help/5029929
https://support.microsoft.com/en-us/help/5029931
https://support.microsoft.com/en-us/help/5029932
https://support.microsoft.com/en-us/help/5029933
https://support.microsoft.com/en-us/help/5029937
https://support.microsoft.com/en-us/help/5029938
Plugin 詳細資訊
嚴重性: High
ID: 181375
檔案名稱: smb_nt_ms23_sep_dotnet.nasl
版本: 1.4
類型: local
代理程式: windows
已發布: 2023/9/13
已更新: 2023/11/16
支援的感應器: Nessus
風險資訊
VPR
風險因素: Medium
分數: 6.7
CVSS v2
風險因素: High
基本分數: 7.2
時間分數: 5.3
媒介: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 評分資料來源: CVE-2023-36796
CVSS v3
風險因素: High
基本分數: 7.8
時間分數: 6.8
媒介: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
時間媒介: CVSS:3.0/E:U/RL:O/RC:C
弱點資訊
CPE: cpe:/a:microsoft:.net_framework
必要的 KB 項目: SMB/MS_Bulletin_Checks/Possible
可輕鬆利用: No known exploits are available
修補程式發佈日期: 2023/9/12
弱點發布日期: 2023/9/12
參考資訊
CVE: CVE-2023-36788, CVE-2023-36792, CVE-2023-36793, CVE-2023-36794, CVE-2023-36796
IAVA: 2023-A-0470-S
MSFT: MS23-5029916, MS23-5029917, MS23-5029919, MS23-5029920, MS23-5029921, MS23-5029922, MS23-5029923, MS23-5029924, MS23-5029925, MS23-5029926, MS23-5029927, MS23-5029928, MS23-5029929, MS23-5029931, MS23-5029932, MS23-5029933, MS23-5029937, MS23-5029938, MS23-5029940, MS23-5029941, MS23-5029942, MS23-5029943, MS23-5029944, MS23-5029945, MS23-5029946, MS23-5029947, MS23-5029948, MS23-5030030, MS23-5030160
MSKB: 5029915, 5029916, 5029917, 5029919, 5029920, 5029921, 5029922, 5029923, 5029924, 5029925, 5029926, 5029927, 5029928, 5029929, 5029931, 5029932, 5029933, 5029937, 5029938, 5029940, 5029941, 5029942, 5029943, 5029944, 5029945, 5029946, 5029947, 5029948, 5030030, 5030160