CVE Number | Vulnerability | Product | Severity | Date |
---|---|---|---|---|
MS16-155 | Security Update for .NET Framework (3205640) | Microsoft .NET | Important | 14-12-2016 |
Technical Information
Brief overview of the risk:
This security update resolves a vulnerability in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server.
Detailed Information on the risk:
An information disclosure vulnerability exists in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server that could allow an attacker to access information that should be defended by the Always Encrypted feature. The vulnerability is caused when .NET Framework improperly uses a developer-supplied key. When this key is misused, it is also possible for access to data to be temporarily lost.Further information on this exploit is available at : MS16-155