Test ID:	1.3.6.1.4.1.25623.1.0.815156
Category:	Windows : Microsoft Bulletins
Title:	Microsoft .NET Framework Multiple Vulnerabilities (KB4507420)
Summary:	This host is missing a critical security; update according to Microsoft KB4507420
Description:	Summary: This host is missing a critical security update according to Microsoft KB4507420 Vulnerability Insight: Multiple flaws exist due to: - An error in Windows Communication Foundation (WCF) and Windows Identity Foundation (WIF), allowing signing of SAML tokens with arbitrary symmetric keys. - An error when Microsoft Common Object Runtime Library improperly handles web requests. - Because the .NET Framework fails to check the source markup of a file. Vulnerability Impact: Successful exploitation will allow an attacker to gain elevated privileges, conduct denial-of-service condition and execute arbitrary code. Affected Software/OS: Microsoft .NET Framework 3.5.1, 4.5.2, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 and 4.8 on Microsoft Windows 7 SP1 and Microsoft Windows Server 2008 R2 SP1. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2019-1113 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1113 Common Vulnerability Exposure (CVE) ID: CVE-2019-1006 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1006 Common Vulnerability Exposure (CVE) ID: CVE-2019-1083 https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1083
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.