This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.
This signature detects attempts to exploit a remote code execution vulnerability in Microsoft Windows .NET Framework.
Microsoft Windows is prone to a remote code-execution vulnerability because the .NET Framework fails to properly validate input. Specifically, this issue occurs due to an error in the WSDL parser module within the 'PrintClientProxy' method. An attacker can exploit this issue by sending the malicious document or application and enticing a user to open it leading to download and execute PowerShell commands within a Visual Basic script.
Successfully exploiting this issue may allow attackers to execute arbitrary code in the context of the application. Failed exploit attempts will result in denial-of-service conditions.
- Microsoft Windows .NET Framework
Updates are available. Please see the references or vendor advisory for more information.