Security news aggregator

Latest coverage for .NET

.NET is Microsoft's software development platform, and flaws in its runtimes or libraries can expose applications and services to attack.

2 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

.NET is Microsoft’s software-development platform: a runtime, standard libraries, language support, and application frameworks used to build web services, APIs, desktop software, and other applications. The name covers modern, cross-platform .NET as well as the older Windows-focused .NET Framework, which have different release and support paths and should be distinguished during vulnerability management.

Security exposure can arise in the runtime, ASP.NET request-handling components, application configuration, and third-party NuGet packages. Vulnerabilities may enable code execution, denial of service, or unauthorized access when affected components are reachable or incorrectly used; insecure deserialization and weak authentication or authorization are recurring application-level concerns. Operators should inventory the exact runtime and framework versions, apply supported security updates, monitor transitive dependencies, and remove obsolete components. Developers should use platform-provided cryptography and TLS appropriately, validate untrusted input, protect secrets outside source code, and configure authentication and authorization explicitly.

Showing 2 most recent headlines Filtered view

Flaw in Kestrel web server allowed request smuggling, impact depends on hosting setup and application code Microsoft has patched an ASP.NET Core vulnerability with a CVSS score of 9.9, which security program manager Barry Dorrans said was "our highest ever." The flaw is in the Kestrel web server component and enables security bypass.…