September 12th, 2023

.NET September 2023 Updates – .NET 7.0.11, .NET 6.0.22

Rahul Bhandari (MSFT)
Program Manager

Today, we are releasing the .NET September 2023 Updates. These updates contain security and non-security improvements. Your app may be vulnerable if you have not deployed a recent .NET update.

You can download 7.0.11 and 6.0.22 versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64.

Windows Package Manager CLI (winget)

You can now install .NET updates using the Windows Package Manager CLI (winget):

  • To install the .NET 7 runtime: winget install dotnet-runtime-7
  • To install the .NET 7 SDK: winget install dotnet-sdk-7
  • To update an existing installation: winget upgrade

See Install with Windows Package Manager (winget) for more information.

Improvements

Security

Note: The vulnerabilities CVE-2023-36792, CVE-2023-36793, CVE-2023-36794, and CVE-2023-36796 are all resolved by a single patch. Get this update to resolve all of them.

CVE-2023-36792 – .NET Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file which may lead to remote code execution. This issue only affects Windows systems.

CVE-2023-36793 – .NET Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file which may lead to remote code execution. This issue only affects Windows systems.

CVE-2023-36794 – .NET Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file which may lead to remote code execution. This issue only affects Windows systems.

CVE-2023-36796 – .NET Remote Code Execution Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file which may lead to remote code execution. This issue only affects Windows systems.

CVE-2023-36799 – .NET Denial of Service Vulnerability

Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.

A vulnerability exists in .NET where reading a maliciously crafted X.509 certificate may result in Denial of Service. This issue only affects Linux systems.
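To confirm that a host actually carries the versions named in this post (7.0.11 and 6.0.22), the check below reads the output of `dotnet --list-runtimes` and flags any 6.0.x or 7.0.x runtime that is older. It is an added example, not code from Microsoft or the .NET project; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag .NET 6.0/7.0 runtimes older than the versions in this post.
# Input format is that of `dotnet --list-runtimes`: "<name> <version> [<path>]".

MIN_PATCH_6=22   # 6.0.22, from the post
MIN_PATCH_7=11   # 7.0.11, from the post

# Reads runtime lines on stdin, prints one verdict per line, and returns 1
# if any 6.0.x or 7.0.x runtime is below the patched version (or unparsable).
audit_dotnet_runtimes() {
    status=0
    while read -r name version _path; do
        [ -n "$version" ] || continue
        base=${version%%-*}      # drop a prerelease suffix such as -rc.1
        major=${base%%.*}
        rest=${base#*.}
        minor=${rest%%.*}
        patch=${rest#*.}
        case "$major.$minor" in
            6.0) min=$MIN_PATCH_6 ;;
            7.0) min=$MIN_PATCH_7 ;;
            *)   echo "SKIP $name $version (not covered by this post)"; continue ;;
        esac
        case "$patch" in
            ''|*[!0-9]*) echo "UNKNOWN $name $version"; status=1; continue ;;
        esac
        if [ "$patch" -lt "$min" ]; then
            echo "OUTDATED $name $version (needs $major.$minor.$min or later)"
            status=1
        else
            echo "OK $name $version"
        fi
    done
    return $status
}

# Constructed sample input (not captured from a real machine).
sample_runtimes() {
    cat <<'EOF'
Microsoft.AspNetCore.App 6.0.21 [/usr/share/dotnet/shared/Microsoft.AspNetCore.App]
Microsoft.NETCore.App 6.0.21 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 7.0.11 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
Microsoft.NETCore.App 8.0.0-rc.1.23419.4 [/usr/share/dotnet/shared/Microsoft.NETCore.App]
EOF
}

# Demo on the sample; on a real host use: dotnet --list-runtimes | audit_dotnet_runtimes
sample_runtimes | audit_dotnet_runtimes || echo "At least one runtime needs updating."
```

Older runtimes installed side by side remain usable by applications that target them, so every listed 6.0.x and 7.0.x line matters, not only the newest one.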

Visual Studio

See release notes for Visual Studio compatibility for .NET 7.0 and .NET 6.0.

Author

I am a Program Manager on the .NET team. I specialize in .NET release processes. University of Florida Alumnus.
