CVE-2018-8356
First published: Wed Jul 11 2018(Updated: )
A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2, ASP.NET Core 1.1, Microsoft .NET Framework 4.5.2, ASP.NET Core 2.0, ASP.NET Core 1.0, .NET Core 1.1, Microsoft .NET Framework 3.5, Microsoft .NET Framework 3.5.1, Microsoft .NET Framework 4.6/4.6.1/4.6.2, .NET Core 1.0, .NET Core 2.0, Microsoft .NET Framework 4.6, Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.1/4.7.2, Microsoft .NET Framework 4.7.2.
Credit: secure@microsoft.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Microsoft .NET Framework | =3.0-sp2 | |
| Microsoft Windows Server 2008 | =sp2 | |
| Microsoft .NET Framework | =3.5 | |
| Microsoft Windows 10 | ||
| Microsoft Windows 10 | =1607 | |
| Microsoft Windows 10 | =1703 | |
| Microsoft Windows 10 | =1709 | |
| Microsoft Windows 10 | =1803 | |
| Microsoft Windows 8.1 | ||
| Microsoft Windows Server | =1803 | |
| Microsoft Windows Server 2012 | ||
| Microsoft Windows Server 2012 | =r2 | |
| Microsoft Windows Server 2016 | ||
| Microsoft .NET Framework | =3.5.1 | |
| Microsoft Windows 7 | =sp1 | |
| Microsoft Windows Server 2008 | =r2-sp1 | |
| Microsoft .NET Framework | =4.5.2 | |
| Microsoft Windows RT 8.1 | ||
| Microsoft Windows Server 2008 | =sp2 | |
| Microsoft .NET Framework | =4.6 | |
| Microsoft .NET Framework | =4.6.2 | |
| Microsoft .NET Framework | =4.7 | |
| Microsoft .NET Framework | =4.7.1 | |
| Microsoft .NET Framework | =4.7.2 | |
| Microsoft Windows Server 2016 | ||
| Microsoft .NET Framework | =4.6.1 | |
| Microsoft Powershell Core | =6.0 | |
| Microsoft Powershell Core | =6.1 | |
| Microsoft .NET Core | =1.0 | |
| Microsoft .NET Core | =1.1 | |
| Microsoft .NET Core | =2.0 | |
| Microsoft .net Framework Developer Pack | =4.7.2 | |
| Microsoft ASP.NET Core | =1.0 | |
| Microsoft ASP.NET Core | =1.1 | |
| Microsoft ASP.NET Core | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-8356?
CVE-2018-8356 is a security feature bypass vulnerability in Microsoft .NET Framework components.
Which versions of .NET Framework are affected by CVE-2018-8356?
CVE-2018-8356 affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2.
How severe is the vulnerability CVE-2018-8356?
The severity of CVE-2018-8356 is medium, with a severity value of 5.5.
How does CVE-2018-8356 work?
CVE-2018-8356 occurs when Microsoft .NET Framework components fail to correctly validate certificates, leading to a security feature bypass.
Where can I find more information about CVE-2018-8356?
More information about CVE-2018-8356 can be found on the following websites: http://www.securityfocus.com/bid/104664, http://www.securitytracker.com/id/1041257, https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8356.
- agent/type
- agent/softwarecombine
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/references
- agent/severity
- agent/remedy
- agent/weakness
- agent/author
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/microsoft
- canonical/microsoft .net framework
- version/microsoft .net framework/3.0-sp2
- canonical/microsoft windows server 2008
- version/microsoft windows server 2008/sp2
- version/microsoft .net framework/3.5
- canonical/microsoft windows 10
- version/microsoft windows 10/1607
- version/microsoft windows 10/1703
- version/microsoft windows 10/1709
- version/microsoft windows 10/1803
- canonical/microsoft windows 8.1
- canonical/microsoft windows server
- version/microsoft windows server/1803
- canonical/microsoft windows server 2012
- version/microsoft windows server 2012/r2
- canonical/microsoft windows server 2016
- version/microsoft .net framework/3.5.1
- canonical/microsoft windows 7
- version/microsoft windows 7/sp1
- version/microsoft windows server 2008/r2-sp1
- version/microsoft .net framework/4.5.2
- canonical/microsoft windows rt 8.1
- version/microsoft .net framework/4.6
- version/microsoft .net framework/4.6.2
- version/microsoft .net framework/4.7
- version/microsoft .net framework/4.7.1
- version/microsoft .net framework/4.7.2
- version/microsoft .net framework/4.6.1
- canonical/microsoft powershell core
- version/microsoft powershell core/6.0
- version/microsoft powershell core/6.1
- canonical/microsoft .net core
- version/microsoft .net core/1.0
- version/microsoft .net core/1.1
- version/microsoft .net core/2.0
- canonical/microsoft .net framework developer pack
- version/microsoft .net framework developer pack/4.7.2
- canonical/microsoft asp.net core
- version/microsoft asp.net core/1.0
- version/microsoft asp.net core/1.1
- version/microsoft asp.net core/2.0