What is CVE-2023-24897?

CVE-2023-24897 is a Remote Code Execution vulnerability in .NET, .NET Framework, and Visual Studio.

Which software products are affected by CVE-2023-24897?

CVE-2023-24897 affects Microsoft PowerShell 7.2, .NET 6.0, Visual Studio 2017 (includes 15.0 - 15.8), Visual Studio 2019 (includes 16.0 - 16.10), and Visual Studio 2022.

What is the severity of CVE-2023-24897?

CVE-2023-24897 has a severity rating of 7.8, which is considered critical.

How can I fix CVE-2023-24897?

To fix CVE-2023-24897, you can apply the respective patches or updates provided by Microsoft for the affected software products.

Where can I find more information about CVE-2023-24897?

You can find more information about CVE-2023-24897 on the Microsoft Security Response Center's website.

Vulnerability/
CVE-2023-24897

high

7.8

CWE

122

13/6/2023

14/6/2023

1/1/2025

CVE-2023-24897: .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

First published: Tue Jun 13 2023(Updated: )

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability

Credit: secure@microsoft.com secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft .NET 6.0		fix available externally
Microsoft Visual Studio 2017 (includes 15.0 - 15.8)	=15.9	fix available externally
Microsoft Visual Studio 2022	=17.6	fix available externally
Microsoft Visual Studio 2013	=5	fix available externally
Microsoft Visual Studio 2019 (includes 16.0 - 16.10)	=16.11	fix available externally
Microsoft Visual Studio 2022	=17.0	fix available externally
Microsoft .NET 7.0		fix available externally
Microsoft Visual Studio 2022	=17.2	fix available externally
Microsoft Visual Studio 2015	=3	fix available externally
nuget/Microsoft.NetCore.App.Runtime.win-x86	>=6.0.0<=6.0.16	6.0.18
nuget/Microsoft.NetCore.App.Runtime.win-x64	>=6.0.0<=6.0.16	6.0.18
nuget/Microsoft.NetCore.App.Runtime.win-arm64	>=6.0.0<=6.0.16	6.0.18
nuget/Microsoft.NetCore.App.Runtime.win-arm	>=6.0.0<=6.0.16	6.0.18
nuget/Microsoft.NetCore.App.Runtime.win-x86	>=7.0.0<=7.0.5	7.0.7
nuget/Microsoft.NetCore.App.Runtime.win-x64	>=7.0.0<=7.0.5	7.0.7
nuget/Microsoft.NetCore.App.Runtime.win-arm64	>=7.0.0<=7.0.5	7.0.7
nuget/Microsoft.NetCore.App.Runtime.win-arm	>=7.0.0<=7.0.5	7.0.7
Microsoft PowerShell Core		fix available externally
All of
Microsoft .NET Framework	=4.8
Any of
Microsoft Windows 10 Version 1607 x86
Microsoft Windows 10 Version 1607 x86
Microsoft Windows Server 2008 Itanium	=r2-sp1
Microsoft Windows Server 2012 x64
Microsoft Windows Server 2012 x64	=r2
Microsoft Windows Server 2016
All of
Any of
Microsoft .NET Framework	=4.6.2
Microsoft .NET Framework	=4.7
Microsoft .NET Framework	=4.7.1
Microsoft .NET Framework	=4.7.2
Any of
Microsoft Windows Server 2008 Itanium	=r2-sp1
Microsoft Windows Server 2012 x64
Microsoft Windows Server 2012 x64	=r2
All of
Microsoft .NET Framework	=4.6.2
Any of
Microsoft Windows Server 2008 Itanium	=sp2
Microsoft Windows Server 2008 Itanium	=sp2
Microsoft Windows Server 2012 x64
Microsoft Windows Server 2012 x64	=r2
All of
Any of
Microsoft .NET Framework	=3.5
Microsoft .NET Framework	=4.6.2
Any of
Microsoft Windows 10 1507
Microsoft Windows 10 1507
All of
Any of
Microsoft .NET Framework	=3.5
Microsoft .NET Framework	=4.8.1
Any of
Microsoft Windows 10 Version 1607 x86
Microsoft Windows 10 Version 1607 x86
Microsoft Windows 10 21h2
Microsoft Windows 10 21h2
Microsoft Windows 10 21h2
Microsoft Windows 10 22h2
Microsoft Windows 10 22h2
Microsoft Windows 10 22h2
Microsoft Windows 11 21h2
Microsoft Windows 11 21h2
Microsoft Windows 11 22h2
Microsoft Windows 11 22h2
Microsoft Windows Server 2022
All of
Any of
Microsoft .NET Framework	=3.5
Microsoft .NET Framework	=4.8
Any of
Microsoft Windows 10 Version 1607 x86
Microsoft Windows 10 Version 1607 x86
Microsoft Windows 10 1809
Microsoft Windows 10 1809
Microsoft Windows 10 21h2
Microsoft Windows 10 21h2
Microsoft Windows 10 21h2
Microsoft Windows 10 22h2
Microsoft Windows 10 22h2
Microsoft Windows 10 22h2
Microsoft Windows 11 21h2
Microsoft Windows 11 21h2
Microsoft Windows 11 22h2
Microsoft Windows 11 22h2
Microsoft Windows Server 2019
Microsoft Windows Server 2022
All of
Any of
Microsoft .NET Framework	=3.5
Microsoft .NET Framework	=4.7.2
Any of
Microsoft Windows 10 1809
Microsoft Windows 10 1809
Microsoft Windows Server 2019
All of
Any of
Microsoft .NET Framework	=3.5
Microsoft .NET Framework	=4.6.2
Microsoft .NET Framework	=4.7
Microsoft .NET Framework	=4.7.1
Microsoft .NET Framework	=4.7.2
Any of
Microsoft Windows 10 Version 1607 x86
Microsoft Windows 10 Version 1607 x86
Microsoft Windows Server 2016
Microsoft .NET Framework	=6.0.0
Microsoft .NET Framework	=7.0.0
Microsoft Visual Studio	=2015-update3
Microsoft Visual Studio	=2015-update5
Microsoft Visual Studio 2017	>=15.0<=15.8
Microsoft Visual Studio 2017	>=15.9<15.9.55
Microsoft Visual Studio 2019	>=16.0<=16.10
Microsoft Visual Studio 2019	>=16.11<16.11.27
Microsoft Visual Studio 2022	>=17.0<17.0.22
Microsoft Visual Studio 2022	>=17.2<17.2.16
Microsoft Visual Studio 2022	>=17.4<17.4.8
Microsoft Visual Studio 2022	>=17.6<17.6.3
Microsoft .NET Framework	=4.6.2=4.7=4.7.1=4.7.2	fix available externally fix available externally
Microsoft .NET Framework	=4.6.2	fix available externally fix available externally
Microsoft .NET Framework	=4.8	fix available externally fix available externally
Microsoft .NET Framework	=4.6.2=4.7=4.7.1=4.7.2	fix available externally fix available externally
Microsoft .NET Framework	=4.8	fix available externally fix available externally
Microsoft .NET Framework	=4.6.2=4.7=4.7.1=4.7.2	fix available externally fix available externally
Microsoft .NET Framework	=4.8	fix available externally fix available externally
Microsoft .NET Framework	=3.5=4.7.2	fix available externally
Microsoft .NET Framework	=3.5=4.6.2=4.7=4.7.1=4.7.2	fix available externally
Microsoft .NET Framework	=3.5=4.8	fix available externally
Microsoft .NET Framework	=4.8	fix available externally
Microsoft .NET Framework	=3.5=4.7.2	fix available externally
Microsoft .NET Framework	=3.5=4.8	fix available externally
Microsoft .NET Framework	=3.5=4.8.1	fix available externally
Microsoft .NET Framework	=3.5=4.8.1	fix available externally
Microsoft .NET Framework	=3.5=4.8	fix available externally
Microsoft .NET Framework	=3.5=4.8.1	fix available externally
Microsoft .NET Framework	=3.5=4.8.1	fix available externally
Microsoft .NET Framework	=3.5=4.8	fix available externally
Microsoft .NET Framework	=3.5=4.8.1	fix available externally
Microsoft .NET Framework	=4.8
Microsoft Windows 10 Version 1607 x86
Microsoft Windows 10 Version 1607 x86
Microsoft Windows Server 2008 Itanium	=r2-sp1
Microsoft Windows Server 2012 x64
Microsoft Windows Server 2012 x64	=r2
Microsoft Windows Server 2016
Microsoft .NET Framework	=4.6.2
Microsoft .NET Framework	=4.7
Microsoft .NET Framework	=4.7.1
Microsoft .NET Framework	=4.7.2
Microsoft Windows Server 2008 Itanium	=sp2
Microsoft Windows Server 2008 Itanium	=sp2
Microsoft .NET Framework	=3.5
Microsoft Windows 10 1507
Microsoft Windows 10 1507
Microsoft .NET Framework	=4.8.1
Microsoft Windows 10 21h2
Microsoft Windows 10 21h2
Microsoft Windows 10 21h2
Microsoft Windows 10 22h2
Microsoft Windows 10 22h2
Microsoft Windows 10 22h2
Microsoft Windows 11 21h2
Microsoft Windows 11 21h2
Microsoft Windows 11 22h2
Microsoft Windows 11 22h2
Microsoft Windows Server 2022
Microsoft Windows 10 1809
Microsoft Windows 10 1809
Microsoft Windows Server 2019
Microsoft .NET Framework	=3.5	fix available externally

Remedy

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-24897?
CVE-2023-24897 is a Remote Code Execution vulnerability in .NET, .NET Framework, and Visual Studio.
Which software products are affected by CVE-2023-24897?
CVE-2023-24897 affects Microsoft PowerShell 7.2, .NET 6.0, Visual Studio 2017 (includes 15.0 - 15.8), Visual Studio 2019 (includes 16.0 - 16.10), and Visual Studio 2022.
What is the severity of CVE-2023-24897?
CVE-2023-24897 has a severity rating of 7.8, which is considered critical.
How can I fix CVE-2023-24897?
To fix CVE-2023-24897, you can apply the respective patches or updates provided by Microsoft for the affected software products.
Where can I find more information about CVE-2023-24897?
You can find more information about CVE-2023-24897 on the Microsoft Security Response Center's website.

collector/msrc
agent/type
agent/first-publish-date
agent/references
agent/severity
agent/remedy
agent/title
agent/description
collector/msrc-cve
source/Microsoft
agent/software-canonical-lookup
agent/author
agent/weakness
collector/github-advisory-latest
source/GitHub
alias/GHSA-88q2-h5g3-p4pg
alias/CVE-2023-24897
agent/event
collector/github-advisory
agent/trending
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
collector/nvd-cve
collector/nvd-index
agent/softwarecombine
agent/tags
vendor/microsoft
canonical/microsoft .net 6.0
canonical/microsoft visual studio 2017 (includes 15.0 - 15.8)
version/microsoft visual studio 2017 (includes 15.0 - 15.8)/15.9
canonical/microsoft visual studio 2022
version/microsoft visual studio 2022/17.6
canonical/microsoft visual studio 2013
version/microsoft visual studio 2013/5
canonical/microsoft visual studio 2019 (includes 16.0 - 16.10)
version/microsoft visual studio 2019 (includes 16.0 - 16.10)/16.11
version/microsoft visual studio 2022/17.4
version/microsoft visual studio 2022/17.0
canonical/microsoft .net 7.0
version/microsoft visual studio 2022/17.2
canonical/microsoft visual studio 2015
version/microsoft visual studio 2015/3
package-manager/nuget
canonical/microsoft powershell core
canonical/microsoft .net framework
version/microsoft .net framework/4.8
canonical/microsoft windows 10 version 1607 x86
canonical/microsoft windows server 2008 itanium
version/microsoft windows server 2008 itanium/r2-sp1
canonical/microsoft windows server 2012 x64
version/microsoft windows server 2012 x64/r2
canonical/microsoft windows server 2016
version/microsoft .net framework/4.6.2
version/microsoft .net framework/4.7
version/microsoft .net framework/4.7.1
version/microsoft .net framework/4.7.2
version/microsoft windows server 2008 itanium/sp2
version/microsoft .net framework/3.5
canonical/microsoft windows 10 1507
version/microsoft .net framework/4.8.1
canonical/microsoft windows 10 21h2
canonical/microsoft windows 10 22h2
canonical/microsoft windows 11 21h2
canonical/microsoft windows 11 22h2
canonical/microsoft windows server 2022
canonical/microsoft windows 10 1809
canonical/microsoft windows server 2019
version/microsoft .net framework/6.0.0
version/microsoft .net framework/7.0.0
canonical/microsoft visual studio
version/microsoft visual studio/2015-update3
version/microsoft visual studio/2015-update5
canonical/microsoft visual studio 2017
version/microsoft visual studio 2017/15.0
version/microsoft visual studio 2017/15.8
version/microsoft visual studio 2017/15.9
canonical/microsoft visual studio 2019
version/microsoft visual studio 2019/16.0
version/microsoft visual studio 2019/16.10
version/microsoft visual studio 2019/16.11