CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-43498

CVSS 9.8v3.1pub. 2024-11-12upd. 2024-11-19

.NET and Visual Studio Remote Code Execution Vulnerability

🤖 AI Analysis
How it works

The vulnerability is classified as CWE-843 (Type Confusion), which means an error consisting of incorrect interpretation of a data type by the .NET runtime environment. An attacker can provide specially crafted input data that causes incorrect processing of object types, leading to unintended code execution. The attack vector is network-based, requires no authentication or user interaction, which significantly increases its potential reach.

Impact

Successful exploitation of the vulnerability gives the attacker full control over the system — it is possible to obtain sensitive data, modify resources, and completely compromise system availability (full CIA triad: confidentiality, integrity, availability).

Mitigation & patch

Microsoft patches released as part of the November 2024 update (Patch Tuesday, 12.11.2024) should be applied immediately. Detailed information about available patch versions can be found in the Microsoft Security Response Center guide at: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498

Who is affected

Microsoft .NET and Microsoft Visual Studio 2022 running on Microsoft Windows, Apple macOS, and Linux systems. Specific versions are indicated in the manufacturer's references (MSRC).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Apple macOS

    OS
    Apple
    wszystkie wersje
  • Linux Kernel

    OS
    Linux
    wszystkie wersje
  • Microsoft .net

    APP
    Microsoft
    9.0.0
  • Microsoft Visual Studio 2022

    APP
    Microsoft
    17.10.0 – 17.10.9 (bez)17.11.0 – 17.11.6 (bez)17.6 – 17.6.21 (bez)17.8 – 17.8.16 (bez)
  • Microsoft Windows

    OS
    Microsoft
    wszystkie wersje
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-43300CRITICAL10.0⚠ KEVPL ✓ten sam produkt

Apple iOS/iPadOS/macOS — out-of-bounds write przy przetwarzaniu obrazu

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2025-31201CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Apple: Obejście Pointer Authentication w iOS, macOS i innych platformach