What is CVE-2022-41089?

CVE-2022-41089 is a high-severity remote code execution vulnerability in the .NET Framework, affecting various versions of Microsoft Visual Studio and PowerShell. This impacts multiple Microsoft Windows operating systems, including Windows 10, Windows 11, and various Windows Server editions.

Who is impacted by CVE-2022-41089?

Impacted versions include .NET Framework 3.5, 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8, and 4.8.1, Visual Studio 2019 (16.11) and 2022 (17.0, 17.2, and 17.4), and PowerShell 7.2 and 7.3. This vulnerability can lead to remote code execution, making it essential for users to be aware of the issue and take appropriate measures to secure their systems.

What to do if CVE-2022-41089 affected you

If you're affected by the CVE-2022-41089 vulnerability, it's important to take action to secure your system. Follow these steps:

1. Check if your .NET Framework version and operating system are affected.

2. Install the security updates provided by Microsoft for your specific .NET Framework version and operating system. See the Microsoft advisory for details.

3. Update your software to a version that is not affected by this vulnerability, as recommended by CVE.org.

Is this in CISA’s Known Exploited Vulnerabilities Catalog?

The CVE-2022-41089 vulnerability, also known as the .NET Framework Remote Code Execution Vulnerability, is not listed in CISA's Known Exploited Vulnerabilities Catalog. It was added to the CVE database on December 13, 2022. To address this vulnerability, users should install the security updates provided by Microsoft.

Weakness Enumeration

The weakness enumeration for this vulnerability is "Insufficient Information," indicating a lack of specific details about the vulnerability and its mitigation.

Learn More

For a comprehensive understanding of its description, severity, technical details, and affected software configurations, refer to the NVD page and the resources listed below.

• Microsoft Security Advisory

• CVE Record