July 11th, 2023

.NET July 2023 Updates – .NET 7.0.9, .NET 6.0.20

Rahul Bhandari (MSFT)
Senior Program Manager

Today, we are releasing the .NET July 2023 Updates. These updates contain security and non-security improvements. Your app may be vulnerable if you have not deployed a recent .NET update.

You can download 7.0.9 and 6.0.20 versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64.

Windows Package Manager CLI (winget)

You can now install .NET updates using the Windows Package Manager CLI (winget):

  • To install the .NET 7 runtime: winget install dotnet-runtime-7
  • To install the .NET 7 SDK: winget install dotnet-sdk-7
  • To update an existing installation: winget upgrade

See Install with Windows Package Manager (winget) for more information.

Security

CVE-2023-33127 – .NET Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in .NET applications where the diagnostic server can be exploited to achieve cross-session/cross-user elevation of privilege (EoP) and code execution.

CVE-2023-33170 – .NET Security Feature Bypass Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 2.1 and above. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in ASP.NET Core applications where account lockout maximum failed attempts may not be immediately updated, allowing an attacker to try more passwords.

Visual Studio

See release notes for Visual Studio compatibility for .NET 7.0 and .NET 6.0.

Author

Rahul Bhandari (MSFT)
Senior Program Manager

I am a Program Manager on .NET team. I specializes in .NET release processes. University of Florida Alumnus.

0 comments

Discussion are closed.