CVE-2023-36042: Visual Studio Denial of Service Vulnerability

Overview

Severity
Medium (CVSS 6.2)
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C
Category
Denial of Service
Exploit Status
Not Exploited
Exploitation Likelihood
Less Likely
Patch Tuesday
2023-Nov
Released
2023-11-14
Last Updated
2024-01-09
EPSS Score
0.10% (percentile: 28.5%)

Affected Products (17)

Developer Tools

  • Microsoft Visual Studio 2022 version 17.6
  • Microsoft Visual Studio 2022 version 17.7
  • Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022
  • Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022 (Server Core installation)
  • Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for x64-based Systems
  • Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 version 21H2 for ARM64-based Systems
  • Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for 32-bit Systems
  • Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for ARM64-based Systems
  • Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 21H2 for x64-based Systems
  • Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for ARM64-based Systems
  • Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 22H2 for x64-based Systems
  • Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for x64-based Systems
  • Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for ARM64-based Systems
  • Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 10 Version 22H2 for 32-bit Systems
  • Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for ARM64-based Systems
  • Microsoft .NET Framework 3.5 AND 4.8.1 on Windows 11 Version 23H2 for x64-based Systems
  • Microsoft .NET Framework 3.5 AND 4.8.1 on Windows Server 2022, 23H2 Edition (Server Core installation)

Security Updates (7)

Acknowledgments

Anonymous

Revision History

  • 2023-11-14: Information published.
  • 2024-01-09: In the Security Updates table, added .NET Framework 3.5 and 4.8.1 installed on all supported versions of the following: Windows 10 version 21H2, Windows 10 version 22H2, Windows Server 2022, Windows 11 version 21H2, Windows 11 version 22H2, Windows 11 version 23H2, and Windows Server Windows Server 2022, 23H2 Edition (Server Core installation) as .NET Framework 4.8.1 is affected by this vulnerability. Microsoft recommends that customers install the January 2024 updates to be fully protected from this vulnerability. Customers whose systems are configured to receive automatic updates do not need to take any further action.