Kaspersky Threats

Detect date

?

05/08/2018

Severity

?

High

Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, cause denial of service.

Below is a complete list of vulnerabilities:

A spoofing vulnerability in Azure IoT SDK can be exploited remotely to spoof user interface.
A security feature bypass vulnerability in .NET Framework Device Guard can be exploited remotely to bypass security restrictions.
A denial of service vulnerability in .NET and .NET Core can be exploited remotely via specially crafted requests to cause denial of service.

Affected products

Microsoft .NET Framework 4.7.2
.NET Core 2.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.7.1
C# SDK for Azure IoT
Microsoft .NET Framework 4.6.2/4.7/4.7.1
Microsoft .NET Framework 4.6/4.6.1/4.6.2
Java SDK for Azure IoT
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1
Microsoft .NET Framework 4.7/4.7.1
C SDK for Azure IoT

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2018-8119
CVE-2018-1039
CVE-2018-0765

Impacts

?

DoS

[?]

SB

[?]

SUI

[?]

Detect date ?	05/08/2018
Severity ?	High
Description	Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, cause denial of service. Below is a complete list of vulnerabilities: A spoofing vulnerability in Azure IoT SDK can be exploited remotely to spoof user interface. A security feature bypass vulnerability in .NET Framework Device Guard can be exploited remotely to bypass security restrictions. A denial of service vulnerability in .NET and .NET Core can be exploited remotely via specially crafted requests to cause denial of service.
Affected products	Microsoft .NET Framework 4.7.2 .NET Core 2.0 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.7.1 C# SDK for Azure IoT Microsoft .NET Framework 4.6.2/4.7/4.7.1 Microsoft .NET Framework 4.6/4.6.1/4.6.2 Java SDK for Azure IoT Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1 Microsoft .NET Framework 4.7/4.7.1 C SDK for Azure IoT
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2018-8119 CVE-2018-1039 CVE-2018-0765
Impacts ?	DoS [?] SB [?] SUI [?]
Related products	Microsoft .NET Framework Microsoft Azure
CVE-IDS ?	CVE-2018-07655.0Critical CVE-2018-10394.6Warning CVE-2018-81196.8High
Microsoft official advisories	Microsoft Security Update Guide
KB list	4103723 4103716 4103731 4103721 4103727 4095873 4095513 4095872 4095512 4095875 4095515 4095874 4095514 4095876 4095517 4096495 4095519 4096494 4095518 4096236 4096237 4096235 4096416 4096417 4096418
	Find out the statistics of the vulnerabilities spreading in your region

KLA11248Multiple vulnerabilities in Microsoft Developer Tools

KLA11248
Multiple vulnerabilities in Microsoft Developer Tools