Microsoft rolls out .NET June 2023 Updatesfor .NET 7.0 and 6.0, featuring security and non-security enhancements.
Security Upgrades
June 2023 updates tackle the following security vulnerabilities:
- CVE-2023-24895: Remote code execution risk in WPF for .NET.
- CVE-2023-24897: .NET vulnerability allowing remote code execution while reading debugging symbols.
- CVE-2023-24936: Elevation of privileges in .NET during DataSet or DataTable deserialization from XML.
- CVE-2023-29331: Denial of Service threat in .NET while processing X.509 certificates.
- CVE-2023-29337: Remote code execution vulnerability in NuGet on Linux.
- CVE-2023-32032: Privilege elevation in .NET when extracting Tar file contents.
- CVE-2023-33126: Loading of arbitrary binaries in .NET during crash and stack trace events.
- CVE-2023-33128: Generated code vulnerability in .NET source generator for P/Invokes, causing uninitialized memory to crash.
- CVE-2023-33135: Elevation of privileges risk in .NET SDK during tool restore.
Non-Security Enhancements
The June 2023 updates also bring:
- Performance boost for ASP.NET Core.
- Bug fixes in Entity Framework Core.
- Enhanced stability and dependability.
Upgrade Now!
For the June 2023 updates, developers can opt for their preferred package manager or grab the updates straight from the Microsoft website.
Don’t Wait, Update!
Microsoft urges all developers to install the June 2023 updates without delay. These updates tackle several critical vulnerabilities, which could potentially be exploited by cybercriminals.