The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a just lately patched safety flaw in Microsoft’s .NET and Visual Studio merchandise to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, tracked as CVE-2023-38180, is a high-severity denial-of-service (DoS) vulnerability. It was addressed by Microsoft in its August 2023 Patch Tuesday updates. The firm acknowledged the existence of a proof-of-concept (PoC) and said that assaults leveraging the flaw will be pulled off with none extra privileges or person interplay.
The affected variations of the software program embrace ASP.NET Core 2.1, .NET 6.0, .NET 7.0, and Microsoft Visual Studio 2022 variations 17.2, 17.4, and 17.6. CISA has beneficial Federal Civilian Executive Branch (FCEB) businesses to apply the vendor-provided fixes by August 30, 2023 to mitigate potential dangers related to the vulnerability.
Source hyperlink