As of this writing, (common hosts for .NET 4.0.30319) are out of extended support. While Microsoft offers ESU (Extended Security Updates) for paying customers, they do not issue new security patches for .NET 4.0 itself except through the .NET 4.8 upgrade.
A specially crafted regular expression input passed to Regex constructor can cause catastrophic backtracking, leading to 100% CPU exhaustion.
October 2023 Estimated Read Time: 12 minutes
Use tools like or Microsoft’s own .NET Framework Repair Tool to scan installed applications for references to v4.0.30319 in their config files.
As the days turned into weeks, the team finally completed the patching process, and the vulnerability was remediated. The team breathed a collective sigh of relief, knowing that their systems were now secure and protected from the potential threat.
If you see 4.0.30319 in a production environment today, it is to all patched .NET Framework issues from 2016 onward.