.NET 7.0.13 and .NET 6.0.24 Released as a security update

.NET 6.0.24 and .NET 7.0.13 security update changes, and vulnerability fixes.

.NET 7.0.13 and .NET 6.0.24

The optional updates are released to .NET 7 and .NET 6. These previous updates were not cumulative, which has now been made up in the .NET 7.0.13 and .NET 6.0.24. As usual, these releases contain the .NET Runtime and ASP.NET Core Runtime.

Furthermore, For hosting stand-alone apps on Windows Servers. the update Includes the ASP.NET Core Module for IIS and can be installed separately on servers without installing .NET Runtime. The new version addresses vulnerabilities CVE-2023-36792 , CVE-2023-36793 , CVE-2023-36794 and CVE-2023-36796 , CVE-2023-36799 and CVE-2023-44487 . Besides, in .NET 7 CVE-2023-36435 and CVE-2023-38171 are all fixed by this update. The updates are available via Windows Update so simply start it up and allow the patch to install. You require Visual Studio 17.4 or later to use .NET 7.0+ on Windows. The C# extension for Visual Studio Code is compatible with .NET 7.0+ and C# 11.

.NET 6.0.24 and .NET 7.0.13 fixes and changes

The patch resolves the following vulnerabilities:

1) CVE-2023-36792 – .NET Remote Code Execution Vulnerability
2) CVE-2023-36793 – .NET Remote Code Execution Vulnerability
3) CVE-2023-36794 – .NET Remote Code Execution Vulnerability
4) CVE-2023-36796 – .NET Remote Code Execution Vulnerability
5) CVE-2023-36799 – .NET Denial of Service Vulnerability
6) CVE-2023-44487 – .NET Denial of Service Vulnerability
7) CVE-2023-38171 – .NET Denial of Service Vulnerability
8) CVE-2023-36435 – .NET Denial of Service Vulnerability

To know more about the above vulnerabilities, navigate to the concerned security advisory by clicking on the respective links.

Changes in .NET 7.0.13 and .NET 6.0.24

Includes the .NET Runtime and ASP.NET Core Runtime

For hosting stand-alone apps on Windows Servers. Includes the ASP.NET Core Module for IIS and can be installed separately on servers without installing .NET Runtime.

The .NET SDK incorporates a matching updated .NET Runtime. Remember that downloading the Runtime or ASP.NET Core packages is not required when installing the SDK.

To check your .NET SDK version you can use the below command.

$ dotnet --version
7.0.403

The example version shown is for this release.

Also, see: Windows 10 KB5028574 .NET Framework 4.8.1 for 22H2 and 21H2

Source:

Release notes: link1, link2.

That’s all!!

Sharing is caring    Share Whatsapp

 
You might like to read:

  • Windows 11 KB5027119 .Net Framework 4.8.1 and 3.5 for 22H2
  • Windows 11 KB5022497 .NET Framework 4.8.1 and 3.5 22H2 Rolled out
  • KB5017497 and KB5017024 .Net Framework update for Windows 11
  • KB5037771 Windows 11 22631.3593 and 22621.3593 update rolled out to 24H2
  • KB5036908 Windows 11 24H2 26100.268 is available to download
  • LCU KB5034765 Windows 11 22631.3155 23H2 update February 2024

    • Topics:  Windows update
      
    About Sunita
    Love to play with Windows 11 and 10. Suggestion - Going for Registry change or system files edit then remember to take a backup or create a restore point before Starting.