Security News > 2023 > August > CISA Adds Microsoft .NET Vulnerability to KEV Catalog Due to Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency has added a recently patched security flaw in Microsoft's.
NET and Visual Studio products to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation.
It was addressed by Microsoft as part of its August 2023 Patch Tuesday updates shipped earlier this week, tagging it with an "Exploitation More Likely" assessment.
While exact details surrounding the nature of exploitation are unclear, the Windows maker has acknowledged the existence of a proof-of-concept in its advisory.
It also said that attacks leveraging the flaw can be pulled off without any additional privileges or user interaction.
To mitigate potential risks, CISA has recommended Federal Civilian Executive Branch agencies to apply vendor-provided fixes for the vulnerability by August 30, 2023.
News URL
https://thehackernews.com/2023/08/cisa-adds-microsoft-net-vulnerability.html
Related news
- CISA Adds Microsoft and Zimbra Flaws to KEV Catalog Amid Active Exploitation (source)
- CISA Adds NAKIVO Vulnerability to KEV Catalog Amid Active Exploitation (source)
- CISA Adds CrushFTP Vulnerability to KEV Catalog Following Confirmed Active Exploitation (source)
- Microsoft Patches Actively Exploited Power Pages Privilege Escalation Vulnerability (source)
- CISA Flags Craft CMS Vulnerability CVE-2025-23209 Amid Active Attacks (source)
- Ransomware criminals love CISA's KEV list – and that's a bug, not a feature (source)
- Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm (source)
- CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List (source)
- Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk (source)
- CISA Warns of Active Exploitation in GitHub Action Supply Chain Compromise (source)