Microsoft has released a security report detailing a newly discovered vulnerability affecting various .NET software versions.
The flaw, tracked as CVE-2022-41089, is a remote code execution vulnerability that affects the following products:
Exploiting the vulnerability could allow threat actors to run arbitrary code on compromised machines by parsing maliciously crafted XPS files. Microsoft has yet to identify mitigations for the flaw.
According to the security advisory, the vulnerability doesn’t affect applications that don’t use WinForms or WPF and applications targeting any non-Windows platform, such as Android, Linux, iOS and Mac.
The announcement includes a list of exposed package versions and a stern recommendation to update to the latest version of .NET to prevent attacks exploiting the flaw.
Users who have installed .NET SDKs through Visual Studio should update the host application, which will automatically update any outdated SDKs. Self-contained applications targeting impacted versions are also vulnerable to the flaw; they must be recompiled and redeployed to fix the issue.
Although .NET 7.0, .NET 6.0, and .NET Core 3.1 updates can be downloaded and installed manually, they can also be found within Microsoft Update. A quick way to check if you’re up to date is by typing “Check for updates” in the Windows search bar and accessing the appropriate option from the results list.
After installing the updated runtimes or SDKs, restart the apps for the updates to take effect.
Specialized software such as Bitdefender Ultimate Security can keep you safe from exploitable vulnerabilities and other e-threats with its extensive library of features, including:
tags
Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
View all postsSeptember 06, 2024
September 02, 2024
August 13, 2024