CVE-2016-7270

Name of the Vulnerable Software and Affected Versions Microsoft .NET Framework version 4.6.2

Description An information disclosure issue exists due to the improper handling of a developer-supplied key by the Data Provider for SQL Server in Microsoft .NET Framework. This allows remote attackers to bypass the Always Encrypted protection mechanism, potentially obtaining sensitive cleartext information. The vulnerability is caused by key guessability.

Recommendations For Microsoft .NET Framework version 4.6.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.