.NET Framework Denial of Service Vulnerability
Released: May 10, 2022
Last updated: Dec 15, 2022
- Assigning CNA
- Microsoft
- CVE.org link
- CVE-2022-30130
- Impact
- Denial of Service
- Max Severity
- Low
- CVSS Source
- Microsoft
- Vector String
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C
- Metrics
- CVSS:3.1 3.3 / 2.9Base score metrics: 3.3 / Temporal score metrics: 2.9
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low
Exploit Code Maturity
Unproven
Remediation Level
Official Fix
Report Confidence
Confirmed
Please see Common Vulnerability Scoring System for more information on the definition of these metrics.
Exploitability
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
- Publicly disclosed
- No
- Exploited
- No
- Exploitability assessment
- Exploitation Less Likely
Acknowledgements
- Eran Zimmerman Gonen with Accenture Security Israel
- Eran Zimmerman Gonen with Accenture Security Israel
Security Updates
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle.
- 10.0.10240.19624
- 10.0.10240.19624
- 4.7.03946.07
- 4.7.03946.05
- 4.7.03946.07
- 4.7.03946.05
- 4.7.03946.02
- 4.7.03946.03
- 4.7.03946.02
- 4.7.03946.03
- 4.7.03946.02
- 4.7.03946.03
- 4.7.03946.02
- 4.7.03946.03
- 4.7.03946.07
- 4.7.03946.05
- 4.7.03946.07
- 4.7.03946.05
- Monthly Rollup
- 4.7.03946.02
- 4.7.03946.02
- 4.7.03946.03
- 4.7.03946.02
- 4.7.03946.03
- 4.7.03946.07
- 4.7.03946.05
- 4.7.03946.07
- 4.7.03946.05
Disclaimer
Revisions
The following revisions have been made: 1) Added .NET Framework 3.5 and 4.6/4.6.2 installed on Windows 10 for 32-bit Systems and Windows 10 for x65-based Systems as .NET 4.6 installed on Windows 10 is supported. 2) Removed .NET Framework 3.5 and 4.6.2 installed on Windows 10 for 32-bit Systems and Windows 10 for x65-based Systems. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
In the Security Updates table made the following revisions: 1) Added .NET Framework 3.5 and 4.6.2 installed on Windows 10 for 32-bit Systems and Windows 10 for x65-based Systems as they are affected by this vulnerability. Microsoft strongly recommends that customers install the updates to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action. 2) Removed .NET Framework 4.6 and .NET Framework 4.6.1 installed on supported editions of Windows Server 2008, Windows 7, Windows Server 2008 R2, Windows Server 2012, Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 as these versions of .NET Framework are no longer supported.
To comprehensively address this vulnerability, Microsoft has released Monthly Rollup KB5016268 for .NET Framework 3.5 installed on Windows 8.1 and Windows Server 2012 R2. Microsoft strongly recommends that customers install the update to be fully protected from the vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.
Information published.