• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
cisa adds microsoft .net vulnerability to kev catalog due to

CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation

You are here: Home / General Cyber Security News / CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation
August 11, 2023

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has additional a just lately patched security flaw in Microsoft’s .NET and Visual Studio merchandise to its Recognised Exploited Vulnerabilities (KEV) catalog, citing proof of energetic exploitation.

Tracked as CVE-2023-38180 (CVSS rating: 7.5), the substantial-severity flaw relates to a case denial-of-assistance (DoS) impacting .NET and Visual Studio.

It was addressed by Microsoft as section of its August 2023 Patch Tuesday updates shipped previously this week, tagging it with an “Exploitation Additional Probable” evaluation.

✔ Approved Seller From Our Partners
Mullvad VPN Discount

Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).

➤ Get Mullvad VPN with 12% Discount


Whilst correct information encompassing the character of exploitation are unclear, the Windows maker has acknowledged the existence of a evidence-of-thought (PoC) in its advisory. It also reported that attacks leveraging the flaw can be pulled off without having any added privileges or consumer interaction.

Cybersecurity

“Evidence-of-idea exploit code is obtainable, or an attack demonstration is not useful for most systems,” the business mentioned. “The code or strategy is not purposeful in all situations and might require sizeable modification by a skilled attacker.”

Afflicted versions of the computer software include things like ASP.NET Core 2.1, .NET 6., .NET 7., Microsoft Visual Studio 2022 model 17.2, Microsoft Visual Studio 2022 model 17.4, and Microsoft Visible Studio 2022 edition 17.6.

To mitigate likely risks, CISA has recommended Federal Civilian Government Department (FCEB) organizations to apply vendor-delivered fixes for the vulnerability by August 30, 2023.

Identified this short article appealing? Follow us on Twitter  and LinkedIn to examine far more distinctive written content we publish.


Some components of this posting are sourced from:
thehackernews.com

Previous Post: «new attack alert: freeze.rs injector weaponized for xworm malware attacks New Attack Alert: Freeze.rs Injector Weaponized for XWorm Malware Attacks
Next Post: 15 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks 15 new codesys sdk flaws expose ot environments to remote»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Qilin Ransomware Adds “Call Lawyer” Feature to Pressure Victims for Larger Ransoms
  • Iran’s State TV Hijacked Mid-Broadcast Amid Geopolitical Tensions; $90M Stolen in Crypto Heist
  • 6 Steps to 24/7 In-House SOC Success
  • Massive 7.3 Tbps DDoS Attack Delivers 37.4 TB in 45 Seconds, Targeting Hosting Provider
  • 67 Trojanized GitHub Repositories Found in Campaign Targeting Gamers and Developers
  • New Android Malware Surge Hits Devices via Overlays, Virtualization Fraud and NFC Theft
  • BlueNoroff Deepfake Zoom Scam Hits Crypto Employee with MacOS Backdoor Malware
  • Secure Vibe Coding: The Complete New Guide
  • Uncover LOTS Attacks Hiding in Trusted Tools — Learn How in This Free Expert Session
  • Russian APT29 Exploits Gmail App Passwords to Bypass 2FA in Targeted Phishing Campaign

Copyright © TheCyberSecurity.News, All Rights Reserved.