| CVE Number | Vulnerability | Product | Severity | Date |
|---|---|---|---|---|
| MS16-065 | Security Update for .NET Framework (3156757) | Microsoft .NET | Critical | 11-05-2016 |
Technical Information
Brief overview of the risk:
This security update resolves a vulnerability in Microsoft .NET Framework. The vulnerability could cause information disclosure if an attacker injects unencrypted data into the target secure channel and then performs a man-in-the-middle (MiTM) attack between the targeted client and a legitimate server.
Detailed Information on the risk:
To exploit the vulnerability, an attacker would first have to inject unencrypted data into the secure channel and then perform a man-in-the-middle (MiTM) attack between the targeted client and a legitimate server. The update addresses the vulnerability by modifying the way that the .NET encryption component sends and receives encrypted network packets.
Microsoft .NET Framework 2.0 Service Pack 2 Further information on this exploit is available at : MS16-065
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5
Affected Software
Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5