The US Cybersecurity and Infrastructure Security Agency (CISA) has updated its list of known exploited vulnerabilities to include a zero-day vulnerability affecting Microsoft’s.NET and Visual Studio products.
Microsoft’s August 2023 Patch Tuesday updates addressed the CVE-2023-38180 vulnerability as well as CVE-2023-36884, an Office flaw that Russian threat actors exploited. Denial-of-service (DoS) attacks are possible using CVE-2023-38180, and Microsoft stated in its advisory that it is aware of malicious exploitation.
On the attacks that took advantage of the vulnerability, no information is available. According to Microsoft’s advisory, remote exploitation is feasible and doesn’t require any user interaction or privileges.
Read More: CISA Warns Organizations of Exploited Vulnerability Affecting .NET, Visual Studio
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.
