CVE-2024-43498
published 2024-11-12CVE-2024-43498: .NET and Visual Studio Remote Code Execution Vulnerability
PriorityP263critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
3.51%
87.7th percentile
.NET and Visual Studio Remote Code Execution Vulnerability
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_visual_studio_2022_version_17.10 | >= 17.10 < 17.10.9 | 17.10.9 |
| microsoft | microsoft_visual_studio_2022_version_17.11 | >= 17.11 < 17.11.6 | 17.11.6 |
| microsoft | microsoft_visual_studio_2022_version_17.6 | >= 17.6.0 < 17.6.21 | 17.6.21 |
| microsoft | microsoft_visual_studio_2022_version_17.8 | >= 17.8.0 < 17.8.16 | 17.8.16 |
| microsoft | net | — | — |
| microsoft | net_9.0 | >= 9.0.0 < 9.0.0 | 9.0.0 |
| microsoft | powershell_7.5 | >= 7.5.0 < 7.5.0 | 7.5.0 |
| microsoft | visual_studio_2022 | >= 17.10.0 < 17.10.9 | 17.10.9 |
| microsoft | visual_studio_2022 | >= 17.11.0 < 17.11.6 | 17.11.6 |
| microsoft | visual_studio_2022 | >= 17.6 < 17.6.21 | 17.6.21 |
| microsoft | visual_studio_2022 | >= 17.8 < 17.8.16 | 17.8.16 |
| msrc | microsoft_visual_studio_2022_version_17.10 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.11 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.6 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.8 | — | — |
| msrc | net_9.0_installed_on_linux | — | — |
| msrc | net_9.0_installed_on_mac_os | — | — |
| msrc | net_9.0_installed_on_windows | — | — |
| msrc | powershell_7.5_installed_on_linux | — | — |
| msrc | powershell_7.5_installed_on_macos | — | — |
| msrc | powershell_7.5_installed_on_windows | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerability is in the .NET Core NrbfDecoder component; monitor for type confusion exploitation attempts targeting this component in .NET 9.0 applications ↗
- →Attack vector includes specially crafted HTTP requests to .NET web applications — inspect/alert on anomalous or malformed requests to .NET 9.0 webapps ↗
- →Attack vector also includes loading a specially crafted file into a vulnerable .NET 9.0 desktop application — monitor for suspicious file loads in .NET desktop app processes ↗
- ·This vulnerability is limited exclusively to .NET 9.0 Core; all other .NET versions (6.0, 7.0, 8.0) are NOT affected and do not require remediation for this CVE ↗
- ·No mitigation is available from Red Hat; patching via system update is the only remediation path ↗
- ·Exploit has not been publicly disclosed or observed in the wild at time of advisory publication ↗
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ghsa9.8CRITICAL
osv9.8CRITICAL
vendor_msrc9.8CRITICAL
vendor_redhat9.8CRITICAL
vendor_ubuntu9.8CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
.NET Remote Code Execution Vulnerability
ghsa·2024-11-12·CVSS 9.8
CVE-2024-43498 [CRITICAL] .NET Remote Code Execution Vulnerability
.NET Remote Code Execution Vulnerability
# Microsoft Security Advisory CVE-2024-43498 | .NET Remote Code Execution Vulnerability
## Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to a .NET vulnerable webapp or loading a specially crafted file into a vulnerable application.
## Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/334
## Mitigation factors
Applications that do not use the NrbfDecoder component are not affected by this vu
OSV
CVE-2024-43498
osv·2024-11-12·CVSS 9.8
CVE-2024-43498 [CRITICAL] CVE-2024-43498
.NET and Visual Studio Remote Code Execution Vulnerability
OSV
dotnet9 vulnerabilities
osv·2024-11-12·CVSS 9.8
CVE-2024-43498 [CRITICAL] dotnet9 vulnerabilities
dotnet9 vulnerabilities
It was discovered that the NrbfDecoder component in .NET did not properly
handle an instance of a type confusion vulnerability. An authenticated
attacker could possibly use this issue to gain the privileges of another
user and execute arbitrary code. (CVE-2024-43498)
It was discovered that the NrbfDecoder component in .NET did not properly
perform input validation. An unauthenticated remote attacker could possibly
use this issue to cause a denial of service. (CVE-2024-43499)
OSV
.NET Remote Code Execution Vulnerability
osv·2024-11-12·CVSS 9.8
CVE-2024-43498 [CRITICAL] .NET Remote Code Execution Vulnerability
.NET Remote Code Execution Vulnerability
# Microsoft Security Advisory CVE-2024-43498 | .NET Remote Code Execution Vulnerability
## Executive summary
Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 9.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.
A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to a .NET vulnerable webapp or loading a specially crafted file into a vulnerable application.
## Announcement
Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/334
## Mitigation factors
Applications that do not use the NrbfDecoder component are not affected by this vu
Red Hat
dotnet: Type confusion vulnerability leads to AV in .NET Core NrbfDecoder component
vendor_redhat·2024-11-12·CVSS 9.8
CVE-2024-43498 [CRITICAL] CWE-704 dotnet: Type confusion vulnerability leads to AV in .NET Core NrbfDecoder component
dotnet: Type confusion vulnerability leads to AV in .NET Core NrbfDecoder component
.NET and Visual Studio Remote Code Execution Vulnerability
A type confusion vulnerability was found in .NET 9.0 Core in .NET that leads to AV in the .NET Core NrbfDecoder component.
Statement: This issue is limited to .NET Core 9.0 only. No other versions are expected to be vulnerable to this flaw.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Package: dotnet8.0 (Red Hat Enterprise Linux 10) - Not affected
Package: dotnet9.0 (Red Hat Enterprise Linux 10) - Not affected
Package: dotnet6.0 (Red Hat Enterpr
Microsoft
.NET and Visual Studio Remote Code Execution Vulnerability
vendor_msrc·2024-11-12·CVSS 9.8
CVE-2024-43498 [CRITICAL] CWE-843 .NET and Visual Studio Remote Code Execution Vulnerability
.NET and Visual Studio Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to a vulnerable .NET webapp or by loading a specially crafted file into a vulnerable desktop app.
.NET and Visual Studio: .NET and Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely
Remediation: Release Note
Reference: https://github.com/PowerShell/Announcements/issues/74
Remediation: Release Notes
Reference: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8
Reference: https://learn.microsoft.com/en-u
Ubuntu
.NET vulnerabilities
vendor_ubuntu·2024-11-12·CVSS 9.8
CVE-2024-43499 [CRITICAL] .NET vulnerabilities
Title: .NET vulnerabilities
Summary: Several security issues were fixed in .NET.
It was discovered that the NrbfDecoder component in .NET did not properly
handle an instance of a type confusion vulnerability. An authenticated
attacker could possibly use this issue to gain the privileges of another
user and execute arbitrary code. (CVE-2024-43498)
It was discovered that the NrbfDecoder component in .NET did not properly
perform input validation. An unauthenticated remote attacker could possibly
use this issue to cause a denial of service. (CVE-2024-43499)
Instructions: In general, a standard system update will make all the necessary changes.
No detection rules found.
No public exploits indexed.
Krebs
Microsoft Patch Tuesday, November 2024 Edition
blogs_krebs·2024-11-13·CVSS 6.5
CVE-2024-49039 [MEDIUM] Microsoft Patch Tuesday, November 2024 Edition
Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November’s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today.
The zero-day flaw tracked as CVE-2024-49039 is a bug in the Windows Task Scheduler that allows an attacker to increase their privileges on a Windows machine. Microsoft credits Google’s Threat Analysis Group with reporting the flaw.
The second bug fixed this month that is already seeing in-the-wild exploitation is CVE-2024-43451, a spoofing flaw that could reveal Net-NTLMv2 hashes, which are used for authentication in Windows environments.
Satnam Narang, senior staff research engine
Qualys
November 2024 Patch Tuesday Updates for Microsoft & Adobe | Qualys
blogs_qualys·2024-11-12·CVSS 6.5
[MEDIUM] November 2024 Patch Tuesday Updates for Microsoft & Adobe | Qualys
#### Table of Contents
- Microsoft Patch Tuesday for November 2024
- Adobe Patches for November 2024
- Zero-day Vulnerabilities Patched in November Patch Tuesday Edition
- Critical Severity Vulnerabilities Patched in November Patch Tuesday Edition
- Other Microsoft Vulnerability Highlights
- Microsoft Release Summary
- Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
- Rapid Response with Patch Management (PM)
- EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
- Qualys Monthly Webinar Series
Microsoft has released its November 2024 Patch Tuesday updates, targeting various vulnerabilities that could impact users and organizations worldwide. From zero-day threats to key product patches, here’s what’s crucial to apply this mont
Talos
November Patch Tuesday release contains three critical remote code execution vulnerabilities
blogs_talos·2024-11-12·CVSS 9.8
CVE-2024-43639 [CRITICAL] November Patch Tuesday release contains three critical remote code execution vulnerabilities
The Patch Tuesday for November of 2024 includes 89 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
Microsoft assessed that exploitation of the four “critical” vulnerabilities is “less likely.”
CVE-2024-43639 is a remote code execution vulnerability in Windows Kerberos that could be exploited by an attacker by creating a specially crafted application to leverage a vulnerable cryptographic protocol. While considered “critical” it was determined that exploitation is “less likely” and not been detected in the wild.
CVE-2024-43625 is a privilege escalation vulnerability in a VMSwitch driver, which is a networking component of Hyper-V. An attacker could exploit this by sending a specific series of network
Krebs
Microsoft Patch Tuesday, November 2024 Edition
blogs_krebs·2024-11-12·CVSS 6.5
CVE-2024-49039 [MEDIUM] Microsoft Patch Tuesday, November 2024 Edition
Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November’s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today.
The zero-day flaw tracked as CVE-2024-49039 is a bug in the Windows Task Scheduler that allows an attacker to increase their privileges on a Windows machine. Microsoft credits Google’s Threat Analysis Group with reporting the flaw.
The second bug fixed this month that is already seeing in-the-wild exploitation is CVE-2024-43451 , a spoofing flaw that could reveal Net-NTLMv2 hashes , which are used for authentication in Windows environments.
Satnam Narang , senior staff research eng
Bleepingcomputer
Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws
blogs_bleepingcomputer·2024-11-12·CVSS 6.5
[MEDIUM] Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws
## Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws
## Lawrence Abrams
26 Elevation of Privilege vulnerabilities
2 Security Feature Bypass vulnerabilities
52 Remote Code Execution vulnerabilities
1 Information Disclosure vulnerability
4 Denial of Service vulnerabilities
3 Spoofing vulnerabilities
This count does not include two Edge flaws that were previously fixed on November 7th.
To learn more about the non-security updates released today, you can review our dedicated articles on the new Windows 11 KB5046617 and KB5046633 cumulative updates and the Windows 10 KB5046613 update .
## Four zero-days disclosed
This month's Patch Tuesday fixes four zero-days, two of which were actively exploited in attacks, and three were publicly disclosed.
Microsoft classifies a
Qualys
Microsoft and Adobe Patch Tuesday, November 2024 Security Update Review
blogs_qualys·2024-11-12·CVSS 6.5
[MEDIUM] Microsoft and Adobe Patch Tuesday, November 2024 Security Update Review
## Table of Contents
Microsoft Patch Tuesday for November 2024
Adobe Patches for November 2024
Zero-day Vulnerabilities Patched in November Patch Tuesday Edition
Critical Severity Vulnerabilities Patched in November Patch Tuesday Edition
Other Microsoft Vulnerability Highlights
Microsoft Release Summary
Discover and Prioritize Vulnerabilities in Vulnerability Management, Detection & Response (VMDR)
Rapid Response with Patch Management (PM)
EVALUATE Vendor-Suggested Mitigation with Policy Compliance (PC)
Qualys Monthly Webinar Series
Microsoft has released its November 2024 Patch Tuesday updates, targeting various vulnerabilities that could impact users and organizations worldwide. From zero-day threats to key product patches, here’s what’s crucial to apply this month. Here’s a b
Talos
November Patch Tuesday release contains three critical remote code execution vulnerabilities
blogs_talos·2024-11-12·CVSS 9.8
CVE-2024-43639 [CRITICAL] November Patch Tuesday release contains three critical remote code execution vulnerabilities
## November Patch Tuesday release contains three critical remote code execution vulnerabilities
The Patch Tuesday for November of 2024 includes 89 vulnerabilities, including four that Microsoft marked as “critical.” The remaining vulnerabilities listed are classified as “important.”
Microsoft assessed that exploitation of the four “critical” vulnerabilities is “less likely.”
CVE-2024-43639 is a remote code execution vulnerability in Windows Kerberos that could be exploited by an attacker by creating a specially crafted application to leverage a vulnerable cryptographic protocol. While considered “critical” it was determined that exploitation is “less likely” and not been detected in the wild.
CVE-2024-43625 is a privilege escalation vulnerability in a VMSwitch driver, which is a networ
Crowdstrike
November 2024 Patch Tuesday: Updates and Analysis
blogs_crowdstrike·CVSS 7.5
CVE-2026-20929 [HIGH] November 2024 Patch Tuesday: Updates and Analysis
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
How CrowdStrike is Accelerating Exposure Evaluation as Adversaries Gain Speed Apr 06, 2026
STARDUST CHOLLIMA Likely Compromises Axios npm Package Apr 01, 2026
Falcon for IT Supports Windows Secure Boot Certificate Lifecycle Management Apr 01, 2026
Detecting CVE-2026-20929: Kerberos Authentication Relay via CNAME Abuse Mar 31, 2026
Video Highlights the 4 Key Steps to Successful Incident Response Dec 02, 2019
Helping Non-Security Stakeholders Understand AT
Bugzilla
CVE-2024-43498 dotnet: Type confusion vulnerability leads to AV in .NET Core NrbfDecoder component
bugzilla·2024-11-01·CVSS 9.8
CVE-2024-43498 [CRITICAL] CVE-2024-43498 dotnet: Type confusion vulnerability leads to AV in .NET Core NrbfDecoder component
CVE-2024-43498 dotnet: Type confusion vulnerability leads to AV in .NET Core NrbfDecoder component
Type confusion vulnerability leads to AV in .NET Core NrbfDecoder component
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2024:9543 https://access.redhat.com/errata/RHSA-2024:9543
2024-11-12
Published