Microsoft .NET and Visual Studio Flaw


As per reports, Microsoft .NET core and Visual Studio were found with a Denial of Service, which can be exploited by threat actors. Microsoft has released patches to fix this vulnerability for both .NET and Visual Studio Products.

RedHat stated that this vulnerability allows a threat actor to bypass the QUIC stream limit in both ASP.NET and .NET runtimes in the HTTP version 3, which causes a Denial of Service vulnerability. RedHat has also released patches for this vulnerability.

This vulnerability has a low exploitability vector. However, this highly affects the availability of the CIA triad of Microsoft products. 

Ubuntu Plugins

In addition to this, Tenable has released plugins to find this vulnerability through Nessus scans. 



Document

FREE Webinar

API Attacks Have Increased by 400% – Understand the Fundamentals of Protecting Your APIs with a Positive Security Model – Register Now for a Free Webinar


CVE-2023-38178: .NET Core and Visual Studio Denial of Service Vulnerability

This is a Denial of Service vulnerability that threat actors can exploit to make the service unavailable to ordinary users. The CVSS Score for this vulnerability was given as 7.5 (High). Microsoft has confirmed the confidence of this vulnerability.

Affected Products

Products that were affected due to this Denial of Service vulnerability include the following.

Affected Products Version
Microsoft Visual Studio 2022 17.4
Microsoft Visual Studio 2022 17.2
.NET 6.0

Fixed in Version

Microsoft has released patches for the affected products as below.

Product Fixed in Version
Microsoft Visual Studio 2022 17.4.10
Microsoft Visual Studio 2022 17.2.18
.NET 6.0.21

Users of these products are recommended to upgrade to the latest versions of these products to prevent threat actors from exploiting them.

Keep informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.





Source link