Microsoft .NET Core and Visual Studio Flaw Let hackers Launch Denial of Service Attack

As per reports, Microsoft .NET core and Visual Studio were found with a Denial of Service, which can be exploited by threat actors. Microsoft has released patches to fix this vulnerability for both .NET and Visual Studio Products.

RedHat stated that this vulnerability allows a threat actor to bypass the QUIC stream limit in both ASP.NET and .NET runtimes in the HTTP version 3, which causes a Denial of Service vulnerability. RedHat has also released patches for this vulnerability.

This vulnerability has a low exploitability vector. However, this highly affects the availability of the CIA triad of Microsoft products. 

Ubuntu Plugins

In addition to this, Tenable has released plugins to find this vulnerability through Nessus scans. 

179502Ubuntu 23.04: .NET vulnerabilities (USN-6278-1)NessusUbuntu Local Security ChecksHIGH
179584Ubuntu 23.04 : .NET vulnerabilities (USN-6278-1)NessusUbuntu Local Security ChecksHIGH
FREE Webinar

API Security Fundamentals: How to Discover, Scan and Protect APIs

API Attacks Have Increased by 400% – Understand the Fundamentals of Protecting Your APIs with a Positive Security Model – Register Now for a Free Webinar

CVE-2023-38178: .NET Core and Visual Studio Denial of Service Vulnerability

This is a Denial of Service vulnerability that threat actors can exploit to make the service unavailable to ordinary users. The CVSS Score for this vulnerability was given as 7.5 (High). Microsoft has confirmed the confidence of this vulnerability.

Affected Products

Products that were affected due to this Denial of Service vulnerability include the following.

Affected ProductsVersion
Microsoft Visual Studio 202217.4
Microsoft Visual Studio 202217.2

Fixed in Version

Microsoft has released patches for the affected products as below.

ProductFixed in Version
Microsoft Visual Studio 202217.4.10
Microsoft Visual Studio 202217.2.18

Users of these products are recommended to upgrade to the latest versions of these products to prevent threat actors from exploiting them.

Keep informed about the latest Cyber Security News by following us on GoogleNews, Linkedin, Twitter, and Facebook.

Eswar is a Cyber security reporter with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is reporting data breach, Privacy and APT Threats.