Autodesk Updates for Trust Issues
22 March 2024
Autodesk has a public online Autodesk Trust Center to report security advisories, serious issues, and hopefully solutions to issues and exploits. It has recently made some updates on issues that could be serious, and you should review them and take appropriate action as necessary. It is commendable that Autodesk takes these issues seriously and provides the alert and recommendations, including solutions for customers whose products are affected but have an expired support contract.
ADSK-SA-2024-0004
Multiple Vulnerabilities in Autodesk AutoCAD Desktop Software
“A vulnerability, which if exploited, would directly impact the confidentiality, integrity or availability of user’s data or processing resources.”
Autodesk ID: ADSK-SA-2024-0004
Product, Service, Component: Autodesk AutoCAD, Advance Steel and Civil 3D
Impact: Out-of-Bounds write, Stack-based Overflow, Heap based Overflow, Use-After-Free, Memory Corruption, Untrusted Pointer Dereference, Heap-based Buffer Overflow, Uninitialized Variable
Severity: High
Original Publish: 2/29/2024
Last Revised: 3/20/2024
![image image](https://www.btl-blog.com/.a/6a00d8341bfd0c53ef02c8d3aa6b93200c-pi)
“Autodesk AutoCAD and certain AutoCAD-based products may be affected by Out-of-Bounds write, Stack-based Overflow, Heap based Overflow, Use-After-Free, Memory Corruption, Untrusted Pointer Dereference, Heap-based Buffer Overflow, and Uninitialized Variable vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.
Autodesk strongly recommends that users of the listed supported versions of AutoCAD, Advance Steel, Civil 3D and the specialized toolsets of AutoCAD install the latest updates, as applicable, via Autodesk Access or the Accounts Portal. As a general best practice, we also recommend that customers only open files (3dm, abc, CATPart, iges, igs, model, prt, sldasm, sldprt, step, stp, x_t) from trusted sources.
Customers using previous versions that no longer qualify for full support should plan to upgrade to a supported version as soon as possible to avoid downtime and potential security vulnerabilities. Visit the Autodesk Knowledge Network for more information about previous version support.”