|CERT-In Vulnerability Note
Multiple Vulnerabilities in Microsoft .NET Framework
Original Issue Date:December 14, 2016
Severity Rating: HIGH
- Windows 7 for 32-bit Systems Service Pack 1
- Windows 7 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for x64-based Systems Service Pack 1
- Windows Server 2008 R2 for Itanium-based Systems Service Pack 1
- Windows Server 2012
- Windows 8.1 for 32-bit Systems
- Windows 8.1 for x64-based Systems
- Windows 8.1 RT
- Windows Server 2012 R2
- Windows 10 Version 1607 for 32-bit
- Windows 10 Version 1607 for x64-based Systems
- Windows Server 2016 for x64-based Systems
- Windows Server 2008 R2 for x64-based Systems Service Pack 1 (Server Core installation)
- Windows Server 2012 (Server Core installation)
- Windows Server 2012 R2 (Server Core installation)
- Windows Server 2016 for x64-based Systems (Server Core installation)
An information disclosure vulnerability has been reported in Microsoft .NET Framework which could be exploited by an attacker to obtain sensitive information on the targeted system.
The information disclosure vulnerability exists in .NET frameworks Data Provider for SQL Server due to improper use of the developer-supplied key.
This allows the attacker to access the information that is protected by the "Always-Encrypted" feature of the .NET framework.
Apply appropriate patch as mentioned in Microsoft Security Bulletin
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003