Microsoft has re-released Security Advisory CVE-2017-8585 (.NET Denial of Service Vulnerability) on November 9, 2017, because .NET Core 1.0 and .NET Core 1.1 are also affected.
CVE-2017-8585 has been addressed in security updates in July 2017, but the documentation didn’t addesses the vulnerability of .NET Core 1.0 and .NET Core 1.1. Now Microsoft has released an updates version of Security Advisory CVE-2017-8585:
– Title: CVE-2017-8585 | .NET Denial of Service Vulnerability
– Reasons for Revision: Revised the Affected Products table to include
.NET Core 1.0 and .NET Core 1.1 because they are affected by
CVE-2017-8585. Customers running these versions of .NET Core can
find more information on GitHub at
This is an informational change only.
– Originally posted: July 11, 2017
– Updated: November 9, 2017
– CVE Severity Rating: Important
– Version: 2.0
Affected are only .NET Core 1. applications running under Windows 10 or Windows 2016.