Microsoft .NET Core and Visual Studio Denial of Service Vulnerability - 20230810002¶
Overview¶
The WA SOC has observed an unspecified vulnerability that allows for denial of service in Microsoft .NET Core and Visual Studio products.
What is the vulnerability?¶
CVE-2023-38180 - CVSS v3 Base Score: 7.5
What is vulnerable?¶
The vulnerability affects the following products:
- Microsoft Visual Studio 2022 versions 17.2 - 17.6
- .NET versions 6.0 - 7.0
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month (refer Patch Management):