Security News > 2023 > August > CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency has added a recently patched security flaw in Microsoft's.
NET and Visual Studio products to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation.
It was addressed by Microsoft as part of its August 2023 Patch Tuesday updates shipped earlier this week, tagging it with an "Exploitation More Likely" assessment.
While exact details surrounding the nature of exploitation are unclear, the Windows maker has acknowledged the existence of a proof-of-concept in its advisory.
It also said that attacks leveraging the flaw can be pulled off without any additional privileges or user interaction.
To mitigate potential risks, CISA has recommended Federal Civilian Executive Branch agencies to apply vendor-provided fixes for the vulnerability by August 30, 2023.
News URL
https://thehackernews.com/2023/08/cisa-adds-microsoft-net-vulnerability.html
Related news
- CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation (source)
- CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks (source)
- Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation (source)
- CISA shares guidance for Microsoft expanded logging capabilities (source)
- Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability (source)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (source)
- CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25 (source)
- CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks (source)
- CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability (source)
- Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation (source)