PT-2017-10475 · Microsoft · .Net Framework

Published: 2017-05-09 · Updated: 2019-10-03 · CVE-2017-0248

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions

Microsoft .NET Framework versions 2.0 through 4.7

Description

A security issue exists where components do not completely validate certificates, allowing an attacker to present a certificate that is marked invalid for a specific use. The component may nevertheless use it for that purpose, disregarding the Enhanced Key Usage (EKU) tagging. This could enable an attacker to bypass security features.

Recommendations

For Microsoft .NET Framework versions 2.0 through 4.7, ensure that all certificates are properly validated, considering their specific use and Enhanced Key Usage tagging. As a temporary workaround, consider restricting the use of certificates that are marked invalid for specific uses until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
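One way an application can enforce the Enhanced Key Usage itself rather than relying on the component, shown as an added example that is not Microsoft's fix or code from this advisory. The class and method names (`EkuPolicy`, `IsAllowedFor`) are hypothetical, and rejecting certificates that carry no EKU extension is an assumption of this example.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;

// Hypothetical helper for illustration; not part of the .NET Framework.
public static class EkuPolicy
{
    public const string ServerAuth = "1.3.6.1.5.5.7.3.1"; // id-kp-serverAuth
    public const string ClientAuth = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    // True only when the leaf explicitly lists requiredEku AND the chain
    // builds with that usage enforced as an application policy.
    public static bool IsAllowedFor(X509Certificate2 cert, string requiredEku)
    {
        if (cert == null) throw new ArgumentNullException("cert");

        // Step 1: explicit leaf check. A certificate with no EKU extension is
        // unrestricted under RFC 5280; this example takes the stricter line
        // and rejects it (an assumption; relax it if your PKI omits EKU).
        bool listed = cert.Extensions
            .OfType<X509EnhancedKeyUsageExtension>()
            .SelectMany(ext => ext.EnhancedKeyUsages.Cast<Oid>())
            .Any(oid => oid.Value == requiredEku);
        if (!listed) return false;

        // Step 2: chain validation with the same usage required, so a
        // usage mismatch surfaces as a chain status instead of being ignored.
        var chain = new X509Chain();
        try
        {
            chain.ChainPolicy.ApplicationPolicy.Add(new Oid(requiredEku));
            chain.ChainPolicy.RevocationMode = X509RevocationMode.Online;
            bool ok = chain.Build(cert);
            foreach (X509ChainStatus s in chain.ChainStatus)
                Console.Error.WriteLine("chain status: {0}", s.Status);
            return ok;
        }
        finally
        {
            chain.Reset(); // Reset() exists on every Framework version in scope
        }
    }
}
```

Call it with `EkuPolicy.ServerAuth` when validating a server certificate and with `EkuPolicy.ClientAuth` when accepting client certificates, and treat a `false` result as a failed handshake.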

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

CVE-2017-0248
GHSA-CH6P-4JCM-H8VH

Affected Products

.Net Framework