This Cybersecurity Threat Advisory highlights a patched security flaw in Microsoft .NET and Visual Studio products that has been cited for active exploitation. To mitigate this vulnerability, users are advised to apply security updates as soon as possible.
What is the threat?
Tracked as CVE-2023-38180, this high-severity flaw can cause denial-of-service (DoS) to .NET and Visual Studio when exploited, resulting in total loss of availability. There are currently no details on the attacks in the wild leveraging this vulnerability.
Why is it noteworthy?
Microsoft noted that this zero-day vulnerability can be exploited remotely, and no user interaction or privileges are required based on the existence of proof-of-concept (PoC) in its advisory. As .NET and Visual Studio are both important components of an integrated development environment (IDE) that provides development productivity tools and debugging capabilities, and used to build many different applications, a high CVSS score of 7.5 for this vulnerability makes this a noteworthy vulnerability Using .NET and Visual Studio, developers can create data-centric, modern line of business applications for Windows, and incorporate UI, media, and complex business models. The affected versions include ASP.NET Core 2.1, .NET 6.0, .NET 7.0, and Microsoft Visual Studio 2022 Versions 17.2, 17.4, and 17.6.
What is the exposure or risk?
A successful exploitation due to the unpatched vulnerability can cause DoS attacks, as well as leaving access for remote attacks. However, if patched quickly, users can prevent this vulnerability from being exploited. A DoS attack is when attackers seek to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet, usually accomplished by flooding the targeted device with requests to try to overload systems and prevent some or all legitimate requests from being fulfilled.
What are the recommendations?
Barracuda MSP recommends taking the following actions to help mitigate the risks caused by this vulnerability.
- Apply vendor-provided fixes for the CVE-2023-38180 vulnerability.
- Regularly update your security systems and run scans for any malicious or suspicious activity.
- Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
For more in-depth information about the recommendations, please visit the following links:
- CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation (thehackernews.com)
- Known Exploited Vulnerabilities Catalog | CISA
If you have any questions about this Cybersecurity Threat Advisory, please contact our Security Operations Center.