January 10th, 2023

.NET January 2023 Updates – .NET 7.0.2, .NET 6.0.13

Dominique Whittaker
Senior Program Manager

Today, we are releasing the .NET January 2023 Updates. These updates contain security and non-security improvements. Your app may be vulnerable if you have not deployed a recent .NET update.

You can download 7.0.2 and 6.0.13 versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64.

Security

CVE-2023-21538 – .NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in.NET 6.0.. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A denial of service vulnerability exists in .NET 6.0 where a malicious client could cause a stack overflow which may result in a denial of service attack when an attacker sends an invalid request to an exposed endpoint.

Visual Studio

See release notes for Visual Studio compatibility for .NET 7.0 and .NET 6.0.

Author

Dominique Whittaker
Senior Program Manager

5 comments

Discussion is closed. Login to edit/delete existing comments.

  • 当空 皓月

    Does .NET 7.0 Runtime support Windows 7 and Windows 8.1?

  • Mystery Man

    Hello, Ms. Whittaker. A belated happy new year to you. 🎄🎉

    Link #1 is broken.

    • Dominique WhittakerMicrosoft employee Author

      Happy New Year Mystery Man! I can always count on you to keep me honest – link has been updated :). I hope you’re doing well!

      • Mystery Man

        I hate to be a pest but, regrettably, it is still broken.

        I believe the correct number at the end of the link is 245, not 8090.

      • Dominique WhittakerMicrosoft employee Author

        You’re not a pest at all. I pulled a different link (moving too fast!). Now it’s right. So sorry!