Outbreak Alert

Microsoft .NET Framework Information Disclosure

Released: Mar 17, 2025

Microsoft .NET Framework Information Disclosure Vulnerability Tags

High Severity

Microsoft Vendor

Watch Video

Exposure of Sensitive Information

Threat Actors are targeting and actively exploiting a Microsoft .NET Framework information disclosure vulnerability (CVE-2024-29059) that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution. Learn More »

Common Vulnerabilities and Exposures

Background

The security vulnerability tracked as CVE-2024-29059, has also been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog on February 4, 2025.

The vulnerability can be exploited remotely over the network, with low complexity and without any user interaction, making it relatively easy to exploit once the target is identified.

FortiGuard Sensors continuously detect a steady stream of attack attempts and have blocked attack attempts across up to 1,200 devices.

Latest Development

Recent news and incidents related to cybersecurity threats encompassing various events such as data breaches, cyber-attacks, security incidents, and vulnerabilities discovered.

FortiGuard recommends users to apply the latest security updates provided by Micosoft and follow instructions as mentioned on the vendorâ€™s advisory. https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059

March 22, 2025: Micosoft released a Threat Advisory.
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-29059
February 13, 2025: FortiGuard Labs released a Threat Signal Report
https://www.fortiguard.com/threat-signal-report/6014/microsoft-net-framework-information-disclosure-vulnerability
February 04, 2025: Attacks in the wild have been reported by CISA Known Exploited Vulnerability.
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2024-29059

FortiGuard Cybersecurity Framework

Mitigate security threats and vulnerabilities by leveraging the range of FortiGuard Services.

PROTECT

Lure
Decoy VM
Vulnerability
IPS

DETECT

IOC
Outbreak Detection
Threat Hunting
Content Update

RESPOND

Automated Response
Assisted Response Services

RECOVER

NOC/SOC Training
End-User Training

IDENTIFY

Vulnerability Management
Attack Surface Monitoring (Inside & Outside)
Attack Surface Hardening

Threat Intelligence

Information gathered from analyzing ongoing cybersecurity events including threat actors, their tactics, techniques, and procedures (TTPs), indicators of compromise (IOCs), malware and related vulnerabilities.

References

Sources of information in support and relation to this Outbreak and vendor.

FortiGuard Threat Signal

Learn More »

Microsoft Update Guide (CVE-2024-29059)

Learn More »

About FortiGuard Outbreak Alerts

Learn More »

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

Outbreak Alert

Microsoft .NET Framework Information Disclosure

Exposure of Sensitive Information

Common Vulnerabilities and Exposures

Background

Real-Time Threat Map

Latest Development

FortiGuard Cybersecurity Framework

Threat Intelligence

References

FortiGuard Threat Signal

Microsoft Update Guide (CVE-2024-29059)

About FortiGuard Outbreak Alerts

Threat Intelligence
Center