CVE-2024-21409: 
vulnerability analysis and mitigation

A remote code execution vulnerability (CVE-2024-21409) affects .NET, .NET Framework, and Visual Studio. The vulnerability was disclosed on April 9, 2024, impacting multiple versions of .NET Framework (3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8) and .NET versions 6.0 prior to 6.0.29, 7.0 prior to 7.0.18, and 8.0 prior to 8.0.4 (NVD, Microsoft Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 7.3 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H. Microsoft has classified this as a Use After Free (CWE-416) vulnerability (NVD).

Successful exploitation of this vulnerability could lead to disclosure of sensitive information, addition or modification of data, or Denial of Service (DoS) (NetApp Advisory).

Microsoft has released security updates to address this vulnerability. Users should install the latest security updates through Windows Update or download them directly from the Microsoft Update Catalog. For .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2, the d3dcompiler_47.dll update must be installed before applying the security update (Microsoft Support).