Patching Windows Server 2012 (updating .dll)

Abiodun Oluwade 1 Reputation point
2021-02-18T14:33:51.003+00:00

Hello ,

Our company has recently conducted a vulnerability scan on our Azure VMs and identified a few issues relating to ASP.Core, we have complied the issues in a spreadsheet as well as the corresponding solution to the issues, however we are a bit unclear on the instructions for applying these updates to our servers, we have attempted a few of the solutions however these do not seem update the assembly .dll which are vulnerable on our servers.

Below are 4 of the updates we are unsure how to implement on our servers , the links in the solutions were unclear to us, any assistance would be appreciated.


Security Updates for Microsoft .NET core and ASP.NET (Bypass) (July 2018)
The Microsoft ASP.NET Core installations on the remote host contain vulnerable packages.

The Microsoft .NET and ASP.NET installations on the remote host are missing a security update. It is, therefore, affected by the following vulnerability :

  • A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated. An attacker who successfully exploited this vulnerability could try an infinite number of authentication attempts. The update addresses the vulnerability by validating the number of incorrect login attempts. (CVE-2018-

Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.

http://www.nessus.org/u?59900f80

Security Updates for Microsoft .NET core and ASP.NET (DoS) (July 2018) The Microsoft ASP.NET Core installations on the remote host contain vulnerable packages. The Microsoft ASP.NET Core installations on the remote host are missing a security update. It is, therefore, affected by the following vulnerability :

--- Security Update for .NET Core SDK (March 2019) The remote Windows host is affected by a tampering vulnerability. The remote Windows host has an installation of .NET Core SDK with a version of 1.x < 1.1.13 or 2.1.x < 2.1.505. Therefore, the host is affected by a tampering vulnerability with in the NuGet Package Manager. An authenticated, attacker can exploit this, via manipulating the folder contents prior to building or installing a application, to modify files and folders after unpacking. http://www.nessus.org/u?8b5a86c1

--- Security Updates for Microsoft .NET core and ASP.NET (DoS) (July 2018) The Microsoft ASP.NET Core installations on the remote host contain vulnerable packages. The Microsoft ASP.NET Core installations on the remote host are missing a security update. It is, therefore, affected by the following vulnerability :
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates.
An attacker could present expired certificates when challenged. The security update addresses the vulnerability by ensuring that .NET Framework components correctly validate certificates. (CVE-2018-8356) Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory. http://www.nessus.org/u?3e10f501

--- Security Updates for Microsoft .NET core and ASP.NET (Bypass) (July 2018)
The Microsoft ASP.NET Core installations on the remote host contain vulnerable packages.
The Microsoft .NET and ASP.NET installations on the remote host are missing a security update. It is, therefore, affected by the following vulnerability :
A Security Feature Bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated. An attacker who successfully exploited this vulnerability could try an infinite number of authentication attempts. The update addresses the vulnerability by validating the number of incorrect login attempts. (CVE-2018-

Update ASP.NET Core, remove vulnerable packages and refer to vendor advisory.

http://www.nessus.org/u?59900f80


Windows Server 2012
Windows Server 2012
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
1,570 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,778 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Anonymous
    2021-02-18T15:50:35.443+00:00

    Maybe these ones help.
    https://devblogs.microsoft.com/dotnet/net-january-2021/

    --please don't forget to Accept as answer if the reply is helpful--

    0 comments No comments

  2. Carl Fan 6,836 Reputation points
    2021-02-19T08:11:10.347+00:00

    Hi,
    Update asp.net Core, remove vulnerable packages and refer to information below.
    Microsoft Security Advisory CVE-2018-8171: ASP.NET Core Security Feature Bypass Vulnerability
    https://github.com/aspnet/Announcements/issues/310
    Hope this helps and please help to accept as Answer if the response is useful.
    Best Regards,
    Carl

    0 comments No comments