Microsoft provided an update to previously released August security updates that confirmed a Microsoft Visual Studio, .NET vulnerability (CVE-2023-38180) is under attack in the wild.
Previously patched as part of August Security Updates, CVE-2023-38180 is a Denial of Service (DoS) vulnerability in Microsoft Visual Studio, .NET versions 6.0 and 7.0, and ASP.NET Core 2.1.
According to Microsoft, CVE-2023-38180 is rated “Important” and was assigned a CVSSv3 score of 7.5. Microsoft confirmed “exploitation has been detected” in the wild.
Microsoft provided the update regarding the exploit status on August 11, 2023 (previously released August 8, 2023).