Security News > 2023 > August > CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency has added a recently patched security flaw in Microsoft's.
NET and Visual Studio products to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation.
It was addressed by Microsoft as part of its August 2023 Patch Tuesday updates shipped earlier this week, tagging it with an "Exploitation More Likely" assessment.
While exact details surrounding the nature of exploitation are unclear, the Windows maker has acknowledged the existence of a proof-of-concept in its advisory.
It also said that attacks leveraging the flaw can be pulled off without any additional privileges or user interaction.
To mitigate potential risks, CISA has recommended Federal Civilian Executive Branch agencies to apply vendor-provided fixes for the vulnerability by August 30, 2023.
News URL
https://thehackernews.com/2023/08/cisa-adds-microsoft-net-vulnerability.html
Related news
- CISA Warns of Active Exploitation of Microsoft SharePoint Vulnerability (CVE-2024-38094) (source)
- CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability (source)
- CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability (source)
- Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) (source)
- Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser (source)
- CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack (source)
- Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation (source)
- Researchers Uncover OS Downgrade Vulnerability Targeting Microsoft Windows Kernel (source)
- PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs and Patch Released (source)
- Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation (source)