.NET October 2023 Security Updates – .NET 7.0.13, .NET 6.0.24


10/24/2023: this post was revised to update the October 10, 2023 security releases. Today’s .NET 7.0.13 and .NET 6.0.24 releases contain the security fixes from our previous September release that were missing in the October release.

You can download 7.0.13 and 6.0.24 versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64.

Security

September 12, 2023 Security Updates

Note: The vulnerabilities CVE-2023-36792, CVE-2023-36793, CVE-2023-36792, CVE-2023-36796 are all resolved by a single patch. Get this update to resolve all of them.

CVE-2023-36792 – .NET Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file which may lead to remote code execution. This issue only affects Windows systems.

CVE-2023-36793 – .NET Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file which may lead to remote code execution. This issue only affects Windows systems.

CVE-2023-36794 – .NET Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file which may lead to remote code execution. This issue only affects Windows systems.

CVE-2023-36796 – .NET Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file which may lead to remote code execution. This issue only affects Windows systems.

CVE-2023-36799 – .NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in .NET where reading a maliciously crafted X.509 certificate may result in Denial of Service. This issue only affects Linux systems.

October 10, 2023 Security Updates


CVE-2023-44487 – .NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 RC1, .NET 7.0, and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. A patch for this vulnerability (nicknamed “Rapid Reset”) is being released in coordination with other industry partners.

A vulnerability exists in the ASP.NET Core Kestrel web server where a malicious client may flood the server with specially crafted HTTP/2 requests, causing denial of service.

CVE-2023-38171 – .NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0 RC1. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.

A null pointer vulnerability exists in MsQuic.dll which may lead to Denial of Service. This issue only affects Windows systems.

CVE-2023-36435 – .NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0 RC1. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.

A memory leak vulnerability exists in MsQuic.dll which may lead to Denial of Service. This issue only affects Windows systems.

Visual Studio

See release notes for Visual Studio compatibility for .NET 7.0 and .NET 6.0.

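To check a machine against the fixed versions named in this post (7.0.13 and 6.0.24), the following added example, which is not part of the original post or Microsoft's code, classifies the lines printed by `dotnet --list-runtimes`. The sample listing is constructed and the function names `audit_runtimes` and `needs_update` are hypothetical.

```python
import re

# Fixed versions named in the post, keyed by (major, minor) release line.
FIXED = {(6, 0): (6, 0, 24), (7, 0): (7, 0, 13)}

# `dotnet --list-runtimes` prints one "<name> <version> [<install dir>]" per line.
LINE_RE = re.compile(r"^(\S+)\s+(\d+)\.(\d+)\.(\d+)(-\S+)?\s+\[.+\]$")

# Constructed sample output (not captured from a real machine).
SAMPLE = """\
Microsoft.AspNetCore.App 6.0.22 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 6.0.24 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 7.0.12 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.AspNetCore.App 7.0.13 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 8.0.0-rc.1.23419.4 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
"""

def audit_runtimes(listing):
    """Classify each runtime line as 'patched', 'needs-update' or 'not-covered'."""
    findings = []
    for raw in listing.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        name, prerelease = m.group(1), m.group(5)
        numeric = tuple(int(m.group(i)) for i in (2, 3, 4))
        fixed = FIXED.get(numeric[:2])
        if fixed is None:
            # The post states no fixed version for this release line (e.g. 8.0 RC1).
            status = "not-covered"
        elif numeric < fixed or (numeric == fixed and prerelease):
            # A pre-release tag sorts before the final build of the same number.
            status = "needs-update"
        else:
            status = "patched"
        version = ".".join(map(str, numeric)) + (prerelease or "")
        findings.append((name, version, status))
    return findings

def needs_update(listing):
    """Return only the runtimes that are older than the fixed versions."""
    return [f for f in audit_runtimes(listing) if f[2] == "needs-update"]

if __name__ == "__main__":
    for name, version, status in audit_runtimes(SAMPLE):
        print(f"{status:13} {name} {version}")
```

On a real host, pass the text returned by `subprocess.run(["dotnet", "--list-runtimes"], capture_output=True, text=True).stdout` instead of `SAMPLE`.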
I checked WU when I got home from work today and saw them so I got them.
 
