Hey Checkyoulogs Fans,

Today, we are going to look at vulnerability remediation for CVE-2024-21404.

This is related to required updates of .Net and ASP.NET Core.

This alert is currently tripping on Defender Endpoint with the following:

Microsoft has instructions here on how to obtain the proper patch.

As we can see from above we are running 6.0.25 and Microsoft recommends going to 6.0.27.

We are going to go to 6.0.28 as that is the latest version.

Microsoft Security Advisory CVE-2024-21404 | .NET Denial of Service Vulnerability · Issue #98373 · dotnet/runtime · GitHub

Pull the binaries from here and install:

https://dotnet.microsoft.com/download/dotnet-core/6.0

As you can see below, we need to update ASPNetCore, .NetDesktop Runtime and .Net Runtime because all three are installed on these systems.

After you install all three make sure as always to uninstall the old versions.

Verify

There we go all updated and no more .Net Vulnerabilities.

Thanks,

Dave