QID 92022

Date Published: 2023-06-14

QID 92022: Microsoft .NET Framework Security Update for June 2023

A Denial of Service and Remote Code Execution Vulnerability exist in Microsoft .Net Framework.

Following KBs are covered in this detection:
KB5027540
KB5027531
KB5027542
KB5027533
KB5027541
KB5027532
KB5027543
KB5027534
KB5027219
KB5027230
KB5027538
KB5027119
KB5027537
KB5027539
KB5027544
KB5027536
KB5027123

This security update is rated Important for supported versions of Microsoft .NET Framework.

.NET Framework 2.0, 3.0, 3.5, 3.5.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1

QID Detection Logic (Authenticated):
Checks for vulnerable file.version of ntoskrnl.exe or Mscorlib.dll or System.core.dll for the respective .Net Framework KBs

Successful exploitation may allow a attacker to perform Denial of Service, Remote Code Execution and/or Elevation of Privileges.

CVSS V3 rated as High - 7.8 severity.

CVSS V2 rated as High - 7.6 severity.

Solution

Customers are advised to refer to CVE-2023-32030, CVE-2023-29326, CVE-2023-24895, CVE-2023-24936, CVE-2023-29331, and CVE-2023-24897 for more details pertaining to these vulnerabilities.

Vendor References

KB5027119 - support.microsoft.com/help/5027119
KB5027123 - support.microsoft.com/help/5027123
KB5027219 - support.microsoft.com/help/5027219
KB5027230 - support.microsoft.com/help/5027230
KB5027531 - support.microsoft.com/help/5027531
KB5027532 - support.microsoft.com/help/5027532
KB5027533 - support.microsoft.com/help/5027533
KB5027534 - support.microsoft.com/help/5027534
KB5027536 - support.microsoft.com/help/5027536
KB5027537 - support.microsoft.com/help/5027537
KB5027538 - support.microsoft.com/help/5027119
KB5027539 - support.microsoft.com/help/5027539
KB5027540 - support.microsoft.com/help/5027540
KB5027541 - support.microsoft.com/help/5027541
KB5027542 - support.microsoft.com/help/5027542
KB5027543 - support.microsoft.com/help/5027543
KB5027544 - support.microsoft.com/help/5027544

CVEs related to QID 92022

CVE-2023-32030 | CVE-2023-29326 | CVE-2023-24895 | CVE-2023-24936 | CVE-2023-29331 | CVE-2023-24897 |

Software Advisories

Advisory ID	Software	Component	Link
CVE-2023-24895			msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895
CVE-2023-24897			msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897
CVE-2023-24936			msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936
CVE-2023-29326			msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29326
CVE-2023-29331			msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331
CVE-2023-32030			msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32030

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].