CISA Highlights Exploited Flaw in .NET and Visual Studio

August 10, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has flagged a zero-day vulnerability affecting Microsoft's .NET and Visual Studio products and added it to its Known Exploited Vulnerabilities Catalog. The vulnerability, tracked as CVE-2023-38180, was resolved by Microsoft as part of its August 2023 Patch Tuesday updates.

These updates from Microsoft also addressed another vulnerability, CVE-2023-36884, that was exploited by Russian threat actors. CVE-2023-38180 can be leveraged to launch denial-of-service (DoS) attacks. In its advisory, Microsoft acknowledged that the vulnerability has been maliciously exploited, but provided no specific details about the attacks.

The advisory from Microsoft also indicates that the vulnerability can be exploited remotely, with no user interaction or privileges required. CVE-2023-38180 has been given an 'important' severity rating, with a CVSS score of 7.5, indicating high severity. According to Microsoft, the flaw affects Visual Studio 2022 versions 17.2, 17.4 and 17.6, as well as .NET 6.0 and 7.0, and ASP.NET Core 2.1.

CISA has included CVE-2023-38180 in its list of 'must patch' vulnerabilities and has directed government organizations to apply the necessary patches or mitigations by August 30, in accordance with Binding Operational Directive 22-01. CISA's catalog also lists a few other exploited vulnerabilities that impact .NET and/or Visual Studio.
