FortiClient VulnerabilityMicrosoft .NET Framework CVE-2016-7270 Information Disclosure Vulnerability
Description
An information disclosure vulnerability exists in Microsoft .NET 4.6.2 Frameworks Data Provider for SQL Server that could allow an attacker to access information that should be defended by the Always Encrypted feature. The vulnerability is caused when .NET Framework improperly uses a developer-supplied key. When this key is misused, it is also possible for access to data to be temporarily lost. To exploit the vulnerability, an attacker who can access the incorrectly encrypted data could attempt to decrypt the data using an easily guessable key. The security update addresses the vulnerability by correcting the way .NET Framework handles the developer-supplied key, and thus properly defends the data.
Affected Applications
Windows Server 2016
Windows Server 2012
Windows 8
Windows Server 2008
Windows 10
Windows 7
CVE References
CVE-2016-7270Other References
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2016-7270| ID | 51676 |
| Created | Sep 25, 2018 |
| Description Updated |
Dec 21, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | Microsoft |
| Patch | auto |
| Application | Windows Server 2016 , Windows Server 2012 , Windows 8 , Windows Server 2008 , Windows 10 , Windows 7 |