
Vulnerability in .NET Framework


Added on  2019/09/20

AI Summary
The .NET framework is a comprehensive application platform that provides various features and abilities to developers for building Windows Presentation Foundation, Windows Services, Windows Forms applications, Web services, Console Applications, and more. However, it has a vulnerability known as elevation of privilege which allows an attacker to execute malicious code on the victim's system without their knowledge or consent.

Contents
Executive Summary
Technical Description
Exploitation Description
Attack Vectors
Mitigation
Exploitation Scenario
Remediation

Executive Summary
The .NET Framework is an integrated application platform that provides developers with an
abundant set of abilities and features. The following applications can be developed,
executed, and deployed using the framework:
Windows Presentation Foundation (WPF) applications
Windows Services
Windows Forms applications
Web services
Console Applications
Web applications (ASP.NET applications)
SOA (Service-oriented Applications)
Workflow-enabled applications
Developers can also use the framework to build shareable components. These components and
objects can then be used in cloud or distributed computing environments. The .NET Framework
supports an object-oriented model, and applications can be developed in a varied set of
languages, such as C#, C++, Visual Basic, etc. The framework maintains and promotes the
interoperability and robustness of these languages [1]. This lets developers write code
once and use it multiple times.
Elevation of privilege is one of the vulnerabilities present in the .NET Framework. It was
identified in August 2015 and has been assigned a severity of 9.
Technical Description
Exploitation Description
The version of the Microsoft .NET Framework installed on the remote host is affected by
multiple elevation of privilege vulnerabilities. The primary cause is that the RyuJIT
compiler [3] does not properly optimize certain parameters, which leads to a code
generation error [2]. A remote attacker can carry out the attack by convincing a user to
execute an infected application that exploits the vulnerabilities and hands control of the
infected system to the attacker. A successful attack may also affect the availability and
continuity of services, which may eventually cause a service breakdown. A denial-of-service-like
situation may arise as well. The attacker has no way to force or pressure the user: in
all cases, the user must be convinced to execute the malicious application.
Attack Vectors
An attacker hosts a specially developed .NET application on a website, a social media site or somewhere else.
The attacker infects a file, which could be an image, a Word document, an executable file, a database file, a programming file or something else.
The attacker then targets his or her victims via mass distribution methods such as spam emails, web games, infected websites and so on.
Alternatively, the attacker distributes these infected files to victims with the help of social engineering tactics or mass distribution methods.
The attacker gains control of the system affected by the vulnerability as soon as the victim executes the infected file. The attacker may then perform a variety of activities, such as installing other applications, monitoring and modifying data sets without authorization, creating new accounts, etc. Users without administrative rights could be less impacted than users with administrative rights [4].
Mitigation
Execute the file regedit.exe.
Create a text document named RyuJIT-disable.reg and include the following text in the file:

    Windows Registry Editor Version 5.00

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework]
    "useLegacyJit"=dword:00000001

In Registry Editor, click the File option and then the Import option.
Navigate to and select the RyuJIT-disable.reg file as created in the first step.
If the file is not visible in the location navigated to, select the All Files option in the extension dialog [5].
Open the file and click the OK button.
Close Registry Editor.
Restart the system.
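
The registry workaround above can be audited and applied from PowerShell. This is an added example, not code from the original document or from Microsoft; the function name `Test-LegacyJitWorkaround` and its `-Apply` switch are hypothetical, while the key and value name are those in the .reg text above.

```powershell
# Added example: audit and optionally apply the useLegacyJit workaround.
# Key path and value name come from the .reg text on this page; the function
# name and -Apply switch are hypothetical. Run from 64-bit PowerShell so that
# HKLM:\SOFTWARE is not redirected to the 32-bit registry view.
function Test-LegacyJitWorkaround {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [switch]$Apply   # without -Apply the function only reports state
    )

    $key  = 'HKLM:\SOFTWARE\Microsoft\.NETFramework'
    $name = 'useLegacyJit'

    # Read the current value; a missing key or value leaves $current as $null.
    $current = $null
    if (Test-Path -Path $key) {
        $prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $prop) { $current = $prop.$name }
    }

    $enabled = ($current -eq 1)
    $changed = $false

    # Write only when the value is absent or not 1, and honour -WhatIf/-Confirm.
    if (-not $enabled -and $Apply) {
        if ($PSCmdlet.ShouldProcess("$key\$name", 'Set DWORD to 1')) {
            if (-not (Test-Path -Path $key)) {
                New-Item -Path $key -Force | Out-Null
            }
            New-ItemProperty -Path $key -Name $name -PropertyType DWord `
                -Value 1 -Force | Out-Null
            $current = 1
            $enabled = $true
            $changed = $true
        }
    }

    [pscustomobject]@{
        Computer     = $env:COMPUTERNAME
        Key          = $key
        CurrentValue = $current      # $null means the value is not set
        WorkaroundOn = $enabled
        NeedsRestart = $changed      # the steps above end with a restart
    }
}

# Report only (no changes are made):
Test-LegacyJitWorkaround
# Apply from an elevated prompt, previewing first with -WhatIf:
# Test-LegacyJitWorkaround -Apply -WhatIf
```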
Exploitation Scenario
The attacker hosts an infected .NET application file on a website or distributes it via
email.
The attacker, however, has no means of forcing users to make use of the application.
The attacker then lures the victim to the website using social engineering tactics.
Through attractive offers, schemes, banner advertisements, or something made to look
plausible for the employee's official use, the attacker gets the victim to download the
application and execute it.
As soon as the victim executes the application, the attacker gains control of the system.
Remediation
Applying the following update released by Microsoft: “WINDOWS-HOTFIX-MS15-080-7ea34c86-0b4e-4764-86dd-5d0ce3764332”
Making sure the operating system always remains updated and all necessary applications are patched with the latest releases.
Ensuring there is an effective antivirus and a firewall application running that is updated regularly.
Never downloading and executing files from unsolicited mails and untrusted websites.
References
[1] INTRODUCTION TO .NET FRAMEWORK. 2017.
[2] "Microsoft Security Bulletin MS15-092 - Important", Docs.microsoft.com, 2018. [Online]. Available: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-092. [Accessed: 22-Apr-2018].
[3] NEW THREAT OVERVIEW | PREVIOUS THREATS UPDATES | THREAT DETAILS. 2015.
[4] "Patch Management by ManageEngine Patch Manager Plus", ManageEngine Patch Manager Plus, 2018. [Online]. Available: https://www.manageengine.com/products/desktop-central/patch-management/MS15-092.html. [Accessed: 22-Apr-2018].
[5] "Microsoft Security Bulletin MS15-092 - Important", Docs.microsoft.com, 2018. [Online]. Available: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2015/ms15-092. [Accessed: 22-Apr-2018].