Microsoft .NET Framework 的安全更新(2023 年 9 月)
high Nessus 插件 ID 181375
语言:
简介
远程主机上安装的 Microsoft .NET Framework 缺少安全更新。描述
远程主机上安装的 Microsoft .NET Framework 缺少安全更新。因此该主机会受到多个漏洞的影响,具体如下:- DiaSymReader.dll 中存在多个漏洞,解析损坏的 PDB 可能会造成远程代码执行。(CVE-2023-36792、CVE-2023-36793、CVE-2023-36794 CVE-2023-36796)
- WPF XML 解析器中存在漏洞,而非沙盒化解析器可能导致远程代码执行。
(CVE-2023-36788)
解决方案
Microsoft 已发布用于 Microsoft .NET Framework 的安全更新。另见
http://www.nessus.org/u?3bbdfd35
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36788
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36792
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36793
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36794
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-36796
https://support.microsoft.com/en-us/help/5029915
https://support.microsoft.com/en-us/help/5029916
https://support.microsoft.com/en-us/help/5029917
https://support.microsoft.com/en-us/help/5029919
https://support.microsoft.com/en-us/help/5029920
https://support.microsoft.com/en-us/help/5029921
https://support.microsoft.com/en-us/help/5029922
https://support.microsoft.com/en-us/help/5029923
https://support.microsoft.com/en-us/help/5029924
https://support.microsoft.com/en-us/help/5029925
https://support.microsoft.com/en-us/help/5029926
https://support.microsoft.com/en-us/help/5029927
https://support.microsoft.com/en-us/help/5029928
https://support.microsoft.com/en-us/help/5029929
https://support.microsoft.com/en-us/help/5029931
https://support.microsoft.com/en-us/help/5029932
https://support.microsoft.com/en-us/help/5029933
https://support.microsoft.com/en-us/help/5029937
https://support.microsoft.com/en-us/help/5029938
https://support.microsoft.com/en-us/help/5029940
https://support.microsoft.com/en-us/help/5029941
https://support.microsoft.com/en-us/help/5029942
https://support.microsoft.com/en-us/help/5029943
https://support.microsoft.com/en-us/help/5029944
https://support.microsoft.com/en-us/help/5029945
https://support.microsoft.com/en-us/help/5029946
https://support.microsoft.com/en-us/help/5029947
https://support.microsoft.com/en-us/help/5029948
插件详情
严重性: High
ID: 181375
文件名: smb_nt_ms23_sep_dotnet.nasl
版本: 1.4
类型: local
代理: windows
发布时间: 2023/9/13
最近更新时间: 2023/11/16
支持的传感器: Nessus Agent, Nessus
风险信息
VPR
风险因素: High
分数: 8.4
CVSS v2
风险因素: High
基本分数: 7.2
时间分数: 5.3
矢量: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS 分数来源: CVE-2023-36796
CVSS v3
风险因素: High
基本分数: 7.8
时间分数: 6.8
矢量: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
时间矢量: CVSS:3.0/E:U/RL:O/RC:C
漏洞信息
CPE: cpe:/a:microsoft:.net_framework
必需的 KB 项: SMB/MS_Bulletin_Checks/Possible
易利用性: No known exploits are available
补丁发布日期: 2023/9/12
漏洞发布日期: 2023/9/12
参考资料信息
CVE: CVE-2023-36788, CVE-2023-36792, CVE-2023-36793, CVE-2023-36794, CVE-2023-36796
IAVA: 2023-A-0470-S
MSFT: MS23-5029916, MS23-5029917, MS23-5029919, MS23-5029920, MS23-5029921, MS23-5029922, MS23-5029923, MS23-5029924, MS23-5029925, MS23-5029926, MS23-5029927, MS23-5029928, MS23-5029929, MS23-5029931, MS23-5029932, MS23-5029933, MS23-5029937, MS23-5029938, MS23-5029940, MS23-5029941, MS23-5029942, MS23-5029943, MS23-5029944, MS23-5029945, MS23-5029946, MS23-5029947, MS23-5029948, MS23-5030030, MS23-5030160
MSKB: 5029915, 5029916, 5029917, 5029919, 5029920, 5029921, 5029922, 5029923, 5029924, 5029925, 5029926, 5029927, 5029928, 5029929, 5029931, 5029932, 5029933, 5029937, 5029938, 5029940, 5029941, 5029942, 5029943, 5029944, 5029945, 5029946, 5029947, 5029948, 5030030, 5030160