Endpoint Vulnerability

Microsoft: .NET Framework Information Disclosure Vulnerability

Description

An information disclosure vulnerability exists when the .NET Framework improperly handles objects in memory. An attacker who successfully exploited the vulnerability could disclose contents of an affected system's memory. To exploit the vulnerability, an authenticated attacker would need to run a specially crafted application. The update addresses the vulnerability by correcting how the .NET Framework handles objects in memory.

Affected Products

Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1909 (Server Core installation),Microsoft .NET Framework 4.5.2 on Windows RT 8.1,Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1,Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation),Microsoft .NET Framework 4.8 on Windows RT 8.1,Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 2004 (Server Core installation),Windows Server 2016,Windows Server 2012,Windows 8,Windows 7

References

CVE-2020-16937,