vulnerability
MS16-155: Security Update for .NET Framework (3205640)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Dec 13, 2016 | Dec 13, 2016 | Nov 18, 2021 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Dec 13, 2016
Added
Dec 13, 2016
Modified
Nov 18, 2021
Description
An information disclosure vulnerability exists in Microsoft .NET 4.6.2 Framework's Data Provider for SQL Server that could allow an attacker to access information that should be defended by the Always Encrypted feature. The vulnerability is caused when .NET Framework improperly uses a developer-supplied key. When this key is misused, it is also possible for access to data to be temporarily lost.
Solutions
WINDOWS-HOTFIX-MS16-144-aefda319-d2f7-4ecc-be6b-9bcf2e617a30WINDOWS-HOTFIX-MS16-144-b6fe6c4a-089b-43be-8cd8-ebaa394a9424WINDOWS-HOTFIX-MS16-144-f7915dec-5649-4571-8913-6797401db5afWINDOWS-HOTFIX-MS16-155-14a84341-8f93-4278-a8e3-b4fb57bd4adfWINDOWS-HOTFIX-MS16-155-7876a462-9794-4da7-8e33-bf095741188aWINDOWS-HOTFIX-MS16-155-845ab02e-ab55-4a6d-a964-3f9b30990f68WINDOWS-HOTFIX-MS16-155-b57ad9f6-0270-4e98-b9f7-84bfe38d360cWINDOWS-HOTFIX-MS16-155-be880abe-f1f8-471e-90fe-abf546eae102
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.