{"id":48270,"date":"2023-10-10T10:04:00","date_gmt":"2023-10-10T17:04:00","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/dotnet\/?p=48270"},"modified":"2024-12-13T14:03:41","modified_gmt":"2024-12-13T22:03:41","slug":"october-2023-updates","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet\/october-2023-updates\/","title":{"rendered":".NET October 2023 Updates \u2013 .NET 7.0.13, .NET 6.0.24"},"content":{"rendered":"<p><em>10\/24\/2023: this post was revised to update the October 10, 2023 security releases. Today&#8217;s .NET 7.0.13 and .NET 6.0.24 releases contain the security fixes from our previous September release that were missing in the October release.<\/em><\/p>\n<p>You can download <a href=\"https:\/\/dotnet.microsoft.com\/download\/dotnet\/7.0\">7.0.13<\/a> and <a href=\"https:\/\/dotnet.microsoft.com\/download\/dotnet\/6.0\">6.0.24<\/a> versions for Windows, macOS, and Linux, for x86, x64, Arm32, and Arm64.<\/p>\n<ul>\n<li>Installers and binaries: <a href=\"https:\/\/dotnet.microsoft.com\/download\/dotnet\/7.0\">7.0.13<\/a> | <a href=\"https:\/\/dotnet.microsoft.com\/download\/dotnet\/6.0\">6.0.24<\/a><\/li>\n<li>Release notes: <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/main\/release-notes\/7.0\/7.0.13\/7.0.13.md\">7.0.13<\/a> | <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/main\/release-notes\/6.0\/6.0.24\/6.0.24.md\">6.0.24<\/a><\/li>\n<li><a href=\"https:\/\/mcr.microsoft.com\/catalog?search=dotnet\/\">Container images<\/a><\/li>\n<li>Linux packages: <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/main\/release-notes\/7.0\/install-linux.md\">7.0.13<\/a> | <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/main\/release-notes\/6.0\/install-linux.md\">6.0.24<\/a><\/li>\n<li><a href=\"https:\/\/github.com\/dotnet\/core\/issues\/8856\">Release feedback\/issue<\/a><\/li>\n<li>Known issues: <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/main\/release-notes\/7.0\/known-issues.md\">7.0<\/a> | <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/main\/release-notes\/6.0\/known-issues.md\">6.0<\/a><\/li>\n<\/ul>\n<h2>Security<\/h2>\n<p><span style=\"font-size: 14pt;\"><strong><em>September 12, 2023 Security Updates<\/em><\/strong><\/span><\/p>\n<p>Note: The vulnerabilities <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-36792\">CVE-2023-36792<\/a>, <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-36793\">CVE-2023-36793<\/a>, <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-36794\">CVE-2023-36792<\/a>, <a href=\"https:\/\/www.cve.org\/CVERecord?id=CVE-2023-36796\">CVE-2023-36796<\/a> are all resolved by a single patch. Get this update to resolve all of them.<\/p>\n<p><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-36792\">CVE-2023-36792 &#8211; .NET Remote Code Execution Vulnerability<\/a><\/p>\n<p>Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.<\/p>\n<p>A vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file which may lead to remote code execution. This issue only affects Windows systems.<\/p>\n<p><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-36793\">CVE-2023-36793 &#8211; .NET Remote Code Execution Vulnerability<\/a><\/p>\n<p>Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.<\/p>\n<p>A vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file which may lead to remote code execution. This issue only affects Windows systems.<\/p>\n<p><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-36794\">CVE-2023-36794 &#8211; .NET Remote Code Execution Vulnerability<\/a><\/p>\n<p>Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.<\/p>\n<p>A vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file which may lead to remote code execution. This issue only affects Windows systems.<\/p>\n<p><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-36796\">CVE-2023-36796 &#8211; .NET Remote Code Execution Vulnerability<\/a><\/p>\n<p>Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.<\/p>\n<p>A vulnerability exists in Microsoft.DiaSymReader.Native.amd64.dll when reading a corrupted PDB file which may lead to remote code execution. This issue only affects Windows systems.<\/p>\n<p><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-36799\">CVE-2023-36799 &#8211; .NET Denial of Service Vulnerability<\/a><\/p>\n<p>Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.<\/p>\n<p>A vulnerability exists in .NET where reading a maliciously crafted X.509 certificate may result in Denial of Service. This issue only affects Linux systems.<\/p>\n<h2><\/h2>\n<p><span style=\"font-size: 14pt;\"><strong><em>October 10, 2023 Security Updates<\/em><\/strong><\/span><\/p>\n<p><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-44487\">CVE-2023-44487 &#8211; .NET Denial of Service Vulnerability<\/a><\/p>\n<p>Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 RC1, .NET 7.0 ,and .NET 6.0. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability. A patch for this vulnerability (nicknamed &#8220;Rapid Reset&#8221;) is being released in coordination with other industry partners.<\/p>\n<p>A vulnerability exists in the ASP.NET Core Kestrel web server where a malicious client may flood the server with specially crafted HTTP\/2 requests, causing denial of service.<\/p>\n<p><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-38171\">CVE-2023-38171 &#8211; .NET Denial of Service Vulnerability<\/a><\/p>\n<p>Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0 RC1. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.<\/p>\n<p>A null pointer vulnerability exists in MsQuic.dll which may lead to Denial of Service. This issue only affects Windows systems.<\/p>\n<p><a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2023-36435\">CVE-2023-36435 &#8211; .NET Denial of Service Vulnerability<\/a><\/p>\n<p>Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 8.0 RC1. This advisory also provides guidance on what developers can do to update their applications to address this vulnerability.<\/p>\n<p>A memory leak vulnerability exists in MsQuic.dll which may lead to Denial of Service. This issue only affects Windows systems.<\/p>\n<h2>Visual Studio<\/h2>\n<p>See release notes for Visual Studio compatibility for <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/main\/release-notes\/7.0\/7.0.12\/7.0.12.md#visual-studio-compatibility\">.NET 7.0<\/a> and <a href=\"https:\/\/github.com\/dotnet\/core\/blob\/main\/release-notes\/6.0\/6.0.23\/6.0.23.md#visual-studio-compatibility\">.NET 6.0<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Check out latest October 2023 updates for .NET 7.0 and .NET 6.0<\/p>\n","protected":false},"author":7455,"featured_media":48520,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[685,7600],"tags":[],"class_list":["post-48270","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-dotnet","category-maintenance-and-updates"],"acf":[],"blog_post_summary":"<p>Check out latest October 2023 updates for .NET 7.0 and .NET 6.0<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/48270","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/users\/7455"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/comments?post=48270"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/posts\/48270\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media\/48520"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/media?parent=48270"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/categories?post=48270"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet\/wp-json\/wp\/v2\/tags?post=48270"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}