Multiple vulnerabilities in Microsoft Development Tools

Beschreibung

Multiple serious vulnerabilities have been found in Microsoft Development Tools. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, perform cross-site scripting attacks, gain privileges and spoof user interface.

Below is a complete list of vulnerabilities:

1. A security feature bypass vulnerability in .NET Framework can be exploited remotely to bypass security restrictions;
2. Multiple memory corruption vulnerabilities in ChakraCore can be exploited remotely to execute arbitrary code;
3. A security feature bypass vulnerability in MSR JavaScript Cryptography Library can be exploited remotely to bypass security restrictions;
4. A cross-site-scripting (XSS) vulnerability in Microsoft Active Directory Federation Services can be exploited remotely via specially crafted request to perform cross-site scripting attacks;
5. A command injection vulnerability in Microsoft Wireless Display Adapter V2 can be exploited remotely to execute arbitrary code;
6. An elevation of privilege vulnerability in .NET Framework can be exploited remotely to gain privileges;
7. A remote code execution vulnerability in Visual Studio can be exploited remotely to execute arbitrary code;
8. Multiple remote code execution vulnerabilities in .NET Framework can be exploited remotely to execute arbitrary code;
9. Miltiple security feature bypass vulnerabilities in ChakraCore can be exploited remotely to bypass security restrictions;
10. A remote code execution vulnerability in PowerShell Editor Services can be exploited remotely to execute arbitrary code;
11. A security feature bypass vulnerability in ASP.NET can be exploited remotely to bypass security restrictions;
12. A tampering vulnerability in Microsoft Visual Studio can be exploited remotely to spoof user interface.

Ursprüngliche Informationshinweise

• CVE-2018-8286

• CVE-2018-8279
• CVE-2018-8294
• CVE-2018-8276
• CVE-2018-8280
• CVE-2018-8290
• CVE-2018-8288
• CVE-2018-8291
• CVE-2018-8275
• CVE-2018-8287
• CVE-2018-8356
• CVE-2018-8298
• CVE-2018-8319
• CVE-2018-8326
• CVE-2018-8306
• CVE-2018-8202
• CVE-2018-8172
• CVE-2018-8260
• CVE-2018-8327
• CVE-2018-8171
• CVE-2018-8232
• CVE-2018-8284
• CVE-2018-8283

CVE Liste

• CVE-2018-8286
  warning
• CVE-2018-8279
  warning
• CVE-2018-8294
  warning
• CVE-2018-8276
  warning
• CVE-2018-8280
  warning
• CVE-2018-8290
  warning
• CVE-2018-8288
  warning
• CVE-2018-8291
  warning
• CVE-2018-8275
  warning
• CVE-2018-8287
  warning
• CVE-2018-8356
  warning
• CVE-2018-8298
  warning
• CVE-2018-8319
  warning
• CVE-2018-8326
  warning
• CVE-2018-8306
  warning
• CVE-2018-8202
  warning
• CVE-2018-8172
  warning
• CVE-2018-8260
  warning
• CVE-2018-8327
  warning
• CVE-2018-8171
  warning
• CVE-2018-8232
  warning
• CVE-2018-8284
  warning
• CVE-2018-8283
  warning

KB Liste

• 4338825
• 4338814
• 4338829
• 4338819
• 4338826
• 4345421
• 4345419
• 4345455
• 4345420
• 4345418
• 4338420
• 4338611
• 4338604
• 4338415
• 4338421
• 4338422
• 4338416
• 4338601
• 4336919
• 4338613
• 4338418
• 4338424
• 4338419
• 4338417
• 4339279
• 4336986
• 4338600
• 4338612
• 4336999
• 4338606
• 4336946
• 4338602
• 4338605
• 4338423
• 4342193
• 4338610
• 4342192
• 4342191
• 4346877
• 4344151
• 4344146
• 4343909
• 4344166
• 4344177
• 4344178
• 4344147
• 4344148
• 4343885
• 4344172
• 4344144
• 4343887
• 4344149
• 4344175
• 4344165
• 4344167
• 4343892
• 4344153
• 4344150
• 4344152
• 4344176
• 4344171
• 4344173
• 4344145
• 4343897

Mehr erfahren

Informieren Sie sich über die Statistiken der in Ihrer Region verbreiteten Sicherheitslücken statistics.securelist.com