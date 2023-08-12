The United States Cybersecurity and Infrastructure Security Agency (CISA) has reported a recent security breachfortunately quickly fixed in Microsoft’s .NET and Visual Studio products to its catalog of Known Exploited Vulnerabilities (KEV, Known Exploited Vulnerabilities), citing evidence of active exploitation.

What has been revealed about the .NET libraries

Identified as CVE-2023-38180 (CVSS Score: 7.5), this high-severity flaw relates to a denial-of-service (DoS) case affecting .NET and Visual Studio.

Was faced by Microsoft as part of the August 2023 Patch Tuesday updates shipped earlier this week, rating it with a rating of “Exploitation more likely“.

While the exact details regarding the nature of the exploitation are unclear, the Windows maker has acknowledged the existence of a proof of concept (PoC) in its disclosure. He also said that attacks that exploit the flaw can be performed without additional privileges or user interaction.

“Example code of an exploitation is available, but a demonstration of the attack is impractical for most systems“, has declared the company. “The code or technique is not functional in all situations and may require a major change by an experienced attacker.”

Affected versions of the software include ASP.NET Core 2.1, .NET 6.0, .NET 7.0, Microsoft Visual Studio 2022 version 17.2, Microsoft Visual Studio 2022 version 17.4 and Microsoft Visual Studio 2022 version 17.6.

To mitigate the potential risks, CISA has recommended that Federal Civil Executive Branch (FCEB) agencies implement vendor-provided fixes for the vulnerability by August 30, 2023.

How to keep updated automatically

Since these issues usually are solved by the programmers who then agree to update the operating system, needless to say that you will have to keep the Windows system updated.

In this case, however, the .NET libraries are either installed externally by the user or are installed automatically through some program (graphics, text, video games, etc.).

Luckily for you, Windows Update has a curious feature: automatically updates all programs and applications (such as Microsoft Visual Studio and .NET).

To begin with, go to the Windows Update screen and this screen will appear.

Scrolling down you will notice the item “Advanced Options”, click on it and you will find yourself on this screen.

At this point it will be enough for you tick the first option “Receive updates for other Microsoft products when updating Windows”; this way you won’t need to manually find the resolution Windows will arrange itself to update the .NET libraries, since it considers them “its thing”, just like the Office package.

There is also to say that through optionalfeatures.exethe ticks related to .NET libraries may not be activated.

In this case, type optionalfeatures.exe on the windows bar, and make sure that the two famous ticks are activated.

The ticks are, as you can see the first two.

The importance of .NET for programmers and beyond

The .NET libraries are not only important for those who play or for those who use some programs and video games, but in some cases they are part of the IT security of the operating system.

Indeed they allow not only that the operating system is more secure if you install programs that go to Windows itself, but they allow communication with other operating systems, in some cases; for these and many other reasons they are very important libraries, but their importance should be discussed elsewhere.