This issue is rated critical because an attacker can exploit it to gain elevated privileges on an affected system.

Affected software.

NuGet Client versions prior to version 3.1.0 are affected.

Affected operating systems.

NuGet Client is available on Windows, Linux, and macOS.

To exploit this issue, an attacker must convince a user to install a specially crafted package on the system.

Fixes.

Apply Microsoft patch MS17-010 to fix this issue.

Reduce the risk of exploitation by keeping antivirus software up to date, using caution when installing software from unknown sources, and disabling unneeded services. In short, make sure that your system is as secure as possible.

Microsoft Security Advisory:

NuGet Client CVE-2022-41032
A remote code execution vulnerability exists in NuGet Client, a package manager for the .NET framework. The vulnerability allows an attacker to execute arbitrary code by convincing a user to install a specially crafted package on the system.

This issue was rated critical because an attacker can exploit it to gain elevated privileges on an affected system.

Timeline

Published on: 10/11/2022 19:15:00 UTC
Last modified on: 10/11/2022 19:16:00 UTC
