What is the severity of CVE-2023-24895?

CVE-2023-24895 is classified as a remote code execution vulnerability with a critical severity rating.

How do I fix CVE-2023-24895?

To fix CVE-2023-24895, upgrade your affected .NET Framework or Visual Studio installation to the latest version as recommended by Microsoft.

Which versions are affected by CVE-2023-24895?

CVE-2023-24895 affects specific versions of .NET Framework, Visual Studio, and the Microsoft.WindowsDesktop.App.Runtime packages.

What are the potential impacts of CVE-2023-24895?

The potential impacts of CVE-2023-24895 include unauthorized access and execution of arbitrary code on affected systems.

Is CVE-2023-24895 under active exploitation?

As of now, there are reports indicating that CVE-2023-24895 is being actively exploited in the wild.

Vulnerability/
CVE-2023-24895

high

7.8

13/6/2023

14/6/2023

1/1/2025

CVE-2023-24895: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

First published: Tue Jun 13 2023(Updated: )

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Credit: secure@microsoft.com

Affected Software	Affected Version	How to fix
nuget/Microsoft.WindowsDesktop.App.Runtime.win-x86	>=6.0.0<=6.0.16	6.0.18
nuget/Microsoft.WindowsDesktop.App.Runtime.win-x64	>=6.0.0<=6.0.16	6.0.18
nuget/Microsoft.WindowsDesktop.App.Runtime.win-arm64	>=6.0.0<=6.0.16	6.0.18
nuget/Microsoft.WindowsDesktop.App.Runtime.win-x86	>=7.0.0<=7.0.5	7.0.7
nuget/Microsoft.WindowsDesktop.App.Runtime.win-x64	>=7.0.0<=7.0.5	7.0.7
nuget/Microsoft.WindowsDesktop.App.Runtime.win-arm64	>=7.0.0<=7.0.5	7.0.7
Microsoft .NET 7.0		fix available externally
Microsoft .NET Framework	=3.5	fix available externally
Microsoft PowerShell		fix available externally
Microsoft PowerShell		fix available externally
Microsoft .NET Framework 4	=3.0	fix available externally fix available externally
Microsoft .NET Framework 4	=2.0	fix available externally fix available externally
Microsoft .NET Framework 4	=2.0	fix available externally fix available externally
Microsoft .NET Framework 4	=4.6.2	fix available externally fix available externally
Microsoft .NET Framework 4	=3.5.1	fix available externally fix available externally
Microsoft .NET Framework 4	=3.0	fix available externally fix available externally
Microsoft .NET Framework 4	=4.8	fix available externally fix available externally
Microsoft .NET Framework 4	=4.6.2=4.7=4.7.1=4.7.2	fix available externally fix available externally
Microsoft .NET Framework 4	=4.8	fix available externally fix available externally
Microsoft .NET Framework 4	=3.5	fix available externally fix available externally
Microsoft .NET Framework 4	=4.6.2=4.7=4.7.1=4.7.2	fix available externally fix available externally
Microsoft .NET Framework 4	=4.6.2=4.7=4.7.1=4.7.2	fix available externally fix available externally
Microsoft .NET Framework 4	=4.8	fix available externally fix available externally
Microsoft .NET Framework 4	=3.5=4.6.2=4.7=4.7.1=4.7.2	fix available externally
Microsoft .NET Framework 4	=3.5	fix available externally fix available externally
Microsoft .NET Framework 4	=4.8	fix available externally
Microsoft .NET Framework 4	=3.5=4.8	fix available externally
Microsoft .NET Framework 4	=3.5=4.7.2	fix available externally
Microsoft .NET Framework 4	=3.5=4.7.2	fix available externally
Microsoft .NET Framework 4	=3.5=4.8.1	fix available externally
Microsoft .NET Framework 4	=3.5=4.8	fix available externally
Microsoft .NET Framework 4	=3.5=4.8.1	fix available externally
Microsoft .NET Framework 4	=3.5=4.8	fix available externally
Microsoft .NET Framework 4	=3.5=4.8.1	fix available externally
Microsoft .NET Framework 4	=3.5=4.8	fix available externally
Microsoft .NET Framework 4	=3.5=4.8.1	fix available externally
Microsoft .NET Framework 4	=3.5=4.8.1	fix available externally
Visual Studio Community 2022	=17.2	fix available externally
Visual Studio Community 2022	=17.4	fix available externally
Visual Studio Community 2022	=17.0	fix available externally
Microsoft .NET Framework 4	=4.8
Microsoft Windows 10
Microsoft Windows 10
Microsoft Windows Server	=r2-sp1
Microsoft Windows Server
Microsoft Windows Server	=r2
Microsoft Windows Server 2016
Microsoft .NET Framework 4	=4.6.2
Microsoft .NET Framework 4	=4.7
Microsoft .NET Framework 4	=4.7.1
Microsoft .NET Framework 4	=4.7.2
Microsoft Windows Server	=sp2
Microsoft Windows Server	=sp2
Microsoft .NET Framework 4	=3.5.1
Microsoft .NET Framework 4	=3.5
Microsoft Windows 10
Microsoft Windows 10
Microsoft .NET Framework 4	=4.8.1
Microsoft Windows 10
Microsoft Windows 10
Microsoft Windows 10
Microsoft Windows 10
Microsoft Windows 10
Microsoft Windows 10
Windows 11
Windows 11
Windows 11
Windows 11
Microsoft Windows Server 2022
Microsoft Windows 10
Microsoft Windows 10
Microsoft Windows Server 2019
Microsoft .NET Framework 4	=3.0-sp2
Microsoft .NET Framework 4	=2.0-sp2
Microsoft .NET Framework	=6.0.0
Microsoft .NET Framework	=7.0.0
Visual Studio Community 2022	>=17.0<17.0.22
Visual Studio Community 2022	>=17.2<17.2.16
Visual Studio Community 2022	>=17.4<17.4.8
Visual Studio Community 2022	>=17.6<17.6.3

Remedy

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-24895?
CVE-2023-24895 is classified as a remote code execution vulnerability with a critical severity rating.
How do I fix CVE-2023-24895?
To fix CVE-2023-24895, upgrade your affected .NET Framework or Visual Studio installation to the latest version as recommended by Microsoft.
Which versions are affected by CVE-2023-24895?
CVE-2023-24895 affects specific versions of .NET Framework, Visual Studio, and the Microsoft.WindowsDesktop.App.Runtime packages.
What are the potential impacts of CVE-2023-24895?
The potential impacts of CVE-2023-24895 include unauthorized access and execution of arbitrary code on affected systems.
Is CVE-2023-24895 under active exploitation?
As of now, there are reports indicating that CVE-2023-24895 is being actively exploited in the wild.

collector/msrc
collector/github-advisory-latest
alias/GHSA-jh2h-qcrw-ghg7
alias/CVE-2023-24895
collector/github-advisory
agent/type
agent/first-publish-date
agent/references
agent/severity
agent/remedy
agent/title
agent/description
collector/msrc-cve
source/Microsoft
agent/event
agent/software-canonical-lookup
agent/trending
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/software-canonical-lookup-request
agent/author
agent/softwarecombine
agent/tags
collector/nvd-cve
collector/nvd-index
package-manager/nuget
vendor/microsoft
canonical/microsoft .net 7.0
canonical/microsoft .net framework
version/microsoft .net framework/3.5
canonical/microsoft powershell
canonical/microsoft .net framework 4
version/microsoft .net framework 4/3.0
version/microsoft .net framework 4/2.0
version/microsoft .net framework 4/4.6.2
version/microsoft .net framework 4/3.5.1
version/microsoft .net framework 4/4.8
version/microsoft .net framework 4/4.7
version/microsoft .net framework 4/4.7.1
version/microsoft .net framework 4/4.7.2
version/microsoft .net framework 4/3.5
version/microsoft .net framework 4/4.8.1
canonical/visual studio community 2022
version/visual studio community 2022/17.2
version/visual studio community 2022/17.4
version/visual studio community 2022/17.6
version/visual studio community 2022/17.0
canonical/microsoft windows 10
canonical/microsoft windows server
version/microsoft windows server/r2-sp1
version/microsoft windows server/r2
canonical/microsoft windows server 2016
version/microsoft windows server/sp2
canonical/windows 11
canonical/microsoft windows server 2022
canonical/microsoft windows server 2019
version/microsoft .net framework 4/3.0-sp2
version/microsoft .net framework 4/2.0-sp2
version/microsoft .net framework/6.0.0
version/microsoft .net framework/7.0.0