Endpoint Vulnerability

Microsoft: .NET Framework Elevation of Privilege Vulnerability

Description

An elevation of privilege vulnerability exists when the .NET Framework common language runtime (CLR) allows file creation in arbitrary locations. An attacker who successfully exploited this vulnerability could write files to folders that require higher privileges than what the attacker already has. To exploit the vulnerability, an attacker would need to log into a system. The attacker could then specify the targeted folder and trigger an affected process to run. The update addresses the vulnerability correcting how the .NET Framework CLR process logs data.

Affected Products

Microsoft .NET Framework 4.5.2 on Windows RT 8.1,Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 on Windows RT 8.1,Microsoft .NET Framework 3.5 AND 4.8 on Windows Server, version 1903 (Server Core installation),Microsoft .NET Framework 3.5 on Windows Server, version 1803 (Server Core Installation),Microsoft .NET Framework 4.8 on Windows RT 8.1,Microsoft .NET Framework 4.8 on Windows Server, version 1803 (Server Core Installation),Windows Server 2016,Windows Server 2012,Windows 8,Windows 10

References

CVE-2019-1142,