Microsoft .NET Framework Authentication Bypass And Spoofing Vulnerabilities (2836440) Network Vulnerability

Summary

This host is missing an important security update according to Microsoft Bulletin MS13-040.

Impact

Successful exploitation could allow an attacker to bypass security mechanism and gain access to restricted endpoint functions. Impact Level: System/Application

Solution

Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/ms13-040

Insight

The flaws are due to - Improper validation of XML signatures by the CLR - Error within the WCF endpoint authentication mechanism when handling queries

Affected

Microsoft .NET Framework 4 Microsoft .NET Framework 4.5 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 2.0 Service Pack 2

References

http://secunia.com/advisories/53350
http://technet.microsoft.com/en-us/security/bulletin/ms13-040
http://www.osvdb.com/93301
http://www.osvdb.com/93302

Updated on 2015-03-25

Severity

Classification

CVE CVE-2013-1336, CVE-2013-1337

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Internet Information Services (IIS) FTP Service Remote Code Execution Vulnerability (2489256)
Cumulative Security Update for Internet Explorer (931768)
Microsoft Help and Support Center Remote Code Execution Vulnerability (2229593)
Certificate Validation Flaw Could Enable Identity Spoofing (Q328145)
Microsoft IIS FTP Service Remote Code Execution Vulnerabilities (975254)

Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities (2836440)

Take action and discover your vulnerabilities