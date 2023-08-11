The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched security flaw in Microsoft’s .NET and Visual Studio products to its Known Exploited Vulnerabilities (KEV) catalog. The flaw, known as CVE-2023-38180, has a high severity and is related to a denial-of-service (DoS) vulnerability affecting .NET and Visual Studio.

Microsoft addressed the issue as part of its August 2023 Patch Tuesday updates. The company has also acknowledged the existence of a proof-of-concept (PoC) in its advisory, although specific details about the nature of the exploitation are unclear. The flaw can be leveraged without additional privileges or user interaction.

Versions of the affected software include ASP.NET Core 2.1, .NET 6.0, .NET 7.0, Microsoft Visual Studio 2022 versions 17.2, 17.4, and 17.6.

To mitigate potential risks, CISA has recommended that Federal Civilian Executive Branch (FCEB) agencies apply the fixes provided by the vendor by August 30, 2023.

