
Autodesk maintains a public online Autodesk Trust Center where it reports security advisories, serious issues, and hopefully solutions to issues and exploits. There have recently been some updates on issues that could be serious, and you should review them and take appropriate action as necessary. It is commendable that Autodesk takes these issues seriously and provides the alert and recommendations, including solutions for customers whose products are affected but whose support contract has expired.
ADSK-SA-2024-0004
Multiple Vulnerabilities in Autodesk AutoCAD Desktop Software
“A vulnerability, which if exploited, would directly impact the confidentiality, integrity or availability of user’s data or processing resources.”
Autodesk ID: ADSK-SA-2024-0004
Product, Service, Component: Autodesk AutoCAD, Advance Steel and Civil 3D
Impact: Out-of-Bounds write, Stack-based Overflow, Heap based Overflow, Use-After-Free, Memory Corruption, Untrusted Pointer Dereference, Heap-based Buffer Overflow, Uninitialized Variable
Severity: High
Original Publish: 2/29/2024
Last Revised: 3/20/2024

“Autodesk AutoCAD and certain AutoCAD-based products may be affected by Out-of-Bounds write, Stack-based Overflow, Heap based Overflow, Use-After-Free, Memory Corruption, Untrusted Pointer Dereference, Heap-based Buffer Overflow, and Uninitialized Variable vulnerabilities. Exploitation of these vulnerabilities may lead to code execution.
Autodesk strongly recommends that users of the listed supported versions of AutoCAD, Advance Steel, Civil 3D and the specialized toolsets of AutoCAD install the latest updates, as applicable, via Autodesk Access or the Accounts Portal. As a general best practice, we also recommend that customers only open files (3dm, abc, CATPart, iges, igs, model, prt, sldasm, sldprt, step, stp, x_t) from trusted sources.
Customers using previous versions that no longer qualify for full support should plan to upgrade to a supported version as soon as possible to avoid downtime and potential security vulnerabilities. Visit the Autodesk Knowledge Network for more information about previous version support.”
I was looking at this one yesterday that affects DWG TRUEVIEW and just about every program that uses a .dwg. What could be a more friendly program?
https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0006?_ga=2.27016061.1379661670.1710786970-361922115.1709079298
I am the CEO and Instructor for Bay Institute of Science and Engineering – We are a United States Precision Machine Trades Trainer. We have helped over 7,000 students become journeymen in our trade. I am trying to get my apprentices an Educational copy of AutoCAD and I keep getting the runaround from those at AutoDesk. Does anyone know how to secure this?
Ken,
You would need to get Autodesk educational software through https://www.autodesk.com/education/home