Microsoft .NET Framework Information Disclosure Vulnerability
CVE-2024-29059

7.5 HIGH

Key Information:

Badges

👾 Exploit Exists | 🟣 EPSS 84% | 🦅 CISA Reported | 📰 News Worthy

Summary

A vulnerability in Microsoft .NET Framework, identified as CVE-2024-29059, allows malicious users to obtain sensitive information. This vulnerability affects multiple versions of the .NET Framework, and a high severity rating has been assigned to it. Although there are no known exploits in the wild, affected users are advised to install necessary updates from the KB section listed in Windows Update as a solution to mitigate the risk.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified this one as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.

The CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Affected Version(s)

Microsoft .NET Framework 2.0 Service Pack 2 (Windows Server 2008 for 32-bit Systems Service Pack 2): 2.0.0 < 3.0.50727.8976

Microsoft .NET Framework 3.0 Service Pack 2 (Windows Server 2008 for 32-bit Systems Service Pack 2): 3.0.0 < 3.0.50727.8976

Microsoft .NET Framework 3.5 AND 4.6/4.6.2 (Windows 10 for 32-bit Systems): 10.0.0 < 10.0.10240.20402

News Articles

CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks

The US Cybersecurity & Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies and large organizations to apply the available security updates as soon as possible.

CISA Adds New Known Exploited Vulnerabilities To Catalog

CISA updates the Known Exploited Vulnerabilities Catalog with CVE-2024-45195, CVE-2024-29059, CVE-2018-9276, and CVE-2018-19410.

CISA Adds Apache, Microsoft Vulnerabilities to Its Database that Are Actively Exploited in the Wild

CISA has updated its Known Exploited Vulnerabilities (KEV) Catalog, adding Apache, Microsoft, and Paessler vulnerabilities.

EPSS Score

84% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • 🦅 CISA Reported

  • 👾 Exploit known to exist

  • 📰 First article discovered by Kaspersky Threats

  • Vulnerability published
