Microsoft .NET Framework 的安全更新(2023 年 6 月)
high Nessus 插件 ID 177393
语言:
简介
远程主机上安装的 Microsoft .NET Framework 缺少安全更新。描述
远程主机上安装的 Microsoft .NET Framework 缺少安全更新。因此该主机会受到多个漏洞的影响,具体如下:- MSDIA SDK 中存在远程代码执行漏洞,损坏的 PDB 可导致堆溢出。
(CVE-2023-24897)
- WPF 中存在远程代码执行漏洞,导致 BAML 可以提供其他方式来将类型实例化。
(CVE-2023-21808)
- WPF XAML 解析器中的远程代码执行漏洞 (CVE-2023-24895)
解决方案
Microsoft 已发布用于 Microsoft .NET Framework 的安全更新。另见
http://www.nessus.org/u?283f4db9
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29326
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32030
https://support.microsoft.com/en-us/help/5027107
https://support.microsoft.com/en-us/help/5027108
https://support.microsoft.com/en-us/help/5027109
https://support.microsoft.com/en-us/help/5027110
https://support.microsoft.com/en-us/help/5027111
https://support.microsoft.com/en-us/help/5027112
https://support.microsoft.com/en-us/help/5027113
https://support.microsoft.com/en-us/help/5027114
https://support.microsoft.com/en-us/help/5027115
https://support.microsoft.com/en-us/help/5027116
https://support.microsoft.com/en-us/help/5027117
https://support.microsoft.com/en-us/help/5027118
https://support.microsoft.com/en-us/help/5027119
https://support.microsoft.com/en-us/help/5027121
https://support.microsoft.com/en-us/help/5027122
https://support.microsoft.com/en-us/help/5027123
https://support.microsoft.com/en-us/help/5027124
https://support.microsoft.com/en-us/help/5027125
https://support.microsoft.com/en-us/help/5027126
https://support.microsoft.com/en-us/help/5027127
https://support.microsoft.com/en-us/help/5027128
https://support.microsoft.com/en-us/help/5027129
https://support.microsoft.com/en-us/help/5027131
https://support.microsoft.com/en-us/help/5027132
https://support.microsoft.com/en-us/help/5027133
https://support.microsoft.com/en-us/help/5027134
https://support.microsoft.com/en-us/help/5027138
https://support.microsoft.com/en-us/help/5027139
插件详情
严重性: High
ID: 177393
文件名: smb_nt_ms23_jun_dotnet.nasl
版本: 1.3
类型: local
代理: windows
发布时间: 2023/6/16
最近更新时间: 2023/8/11
支持的传感器: Nessus Agent, Nessus
风险信息
VPR
风险因素: High
分数: 8.4
CVSS v2
风险因素: Critical
基本分数: 10
时间分数: 7.4
矢量: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 分数来源: CVE-2023-29330
CVSS v3
风险因素: High
基本分数: 8.8
时间分数: 7.7
矢量: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
时间矢量: CVSS:3.0/E:U/RL:O/RC:C
漏洞信息
CPE: cpe:/a:microsoft:.net_framework
必需的 KB 项: SMB/MS_Bulletin_Checks/Possible
易利用性: No known exploits are available
补丁发布日期: 2023/6/13
漏洞发布日期: 2023/6/13
参考资料信息
CVE: CVE-2023-24895, CVE-2023-24897, CVE-2023-24936, CVE-2023-29326, CVE-2023-29330, CVE-2023-29331, CVE-2023-32030
IAVA: 2023-A-0291-S
MSFT: MS23-5027107, MS23-5027108, MS23-5027109, MS23-5027110, MS23-5027111, MS23-5027112, MS23-5027113, MS23-5027114, MS23-5027115, MS23-5027116, MS23-5027117, MS23-5027118, MS23-5027119, MS23-5027121, MS23-5027122, MS23-5027123, MS23-5027124, MS23-5027125, MS23-5027126, MS23-5027127, MS23-5027128, MS23-5027129, MS23-5027131, MS23-5027132, MS23-5027133, MS23-5027134, MS23-5027138, MS23-5027139, MS23-5027140, MS23-5027141
MSKB: 5027107, 5027108, 5027109, 5027110, 5027111, 5027112, 5027113, 5027114, 5027115, 5027116, 5027117, 5027118, 5027119, 5027121, 5027122, 5027123, 5027124, 5027125, 5027126, 5027127, 5027128, 5027129, 5027131, 5027132, 5027133, 5027134, 5027138, 5027139, 5027140, 5027141