none
MS14-046: Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625) RRS feed

  • Question

  • InsighVM(Rapid7) is reporting vulnerability "MS14-046: Vulnerability in .NET Framework Could Allow Security Feature Bypass (2984625)" on Microsoft .NET Framework 2.0 SP2, but recommended patch "KB2937608" was already installed. this issue for all Windows 2008 sp2 servers. In the report, vulnerability proof mentioned as shown below. could you please help me with this issue.

    vulnerable software installed: Microsoft .NET Framework 2.0 SP2

     * Found an applicable package: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Component Based Servicing\Packages\Microsoft-Windows-WindowsFoundation-LanguagePack-Package~31bf3856ad364e35~x86~en-US~6.0.6001.18000.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide\Winners\msil_RegAsm.Resources_b03f5f7f11d50a3a_en-us_1b2f5d0d8917c959 - key exists

        * The above CBS component is currently version 6.0.6001.18000, expected version 6.0.6002.19134 or higher

        * Fix for KB2937608 is applicable for this CBS component


    Friday, January 25, 2019 6:06 AM