.NET Framework Visual C++ Office Security

Topic

New Reply

Does anyone know exactly what is the effect of security updates on .NET Framework, Visual Studio Redistributables and Runtimes like Visual C++, Office?

The other updates for those products are enhancements to functionality or bug fixes, but security updates?

Please post here if you have a good understanding of the issue or even post other relevant questions.

Reply | Quote

Replies

Yes, but what is the usefulness of it?
Is it related to the security of the applications built on that specific version of .NET Framework?

Reply | Quote

In the linked instance, my understanding is that the vulnerability is limited to applications that use the Always Encrypted feature to defend the encryption keys of SQL Server databases.

Executive Summary

This security update resolves a vulnerability in Microsoft .NET 4.6.2 Framework’s Data Provider for SQL Server. A security vulnerability exists in Microsoft .NET Framework 4.6.2 that could allow an attacker to access information that is defended by the Always Encrypted feature.

Always Encrypted

Always Encrypted is a feature designed to protect sensitive data, such as credit card numbers or national identification numbers (e.g. U.S. social security numbers), stored in Azure SQL Database or SQL Server databases. Always Encrypted allows clients to encrypt sensitive data inside client applications and never reveal the encryption keys to the Database Engine (SQL Database or SQL Server). As a result, Always Encrypted provides a separation between those who own the data (and can view it) and those who manage the data (but should have no access

https://technet.microsoft.com/library/security/dn848375.aspx#AlwaysEncrypted

1 user thanked author for this post.

ch100

Reply | Quote