KLA11248
Multiple vulnerabilities in Microsoft Developer Tools
Updated: 07/22/2020
Detect date
?
05/08/2018
Severity
?
High
Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, bypass security restrictions, cause denial of service.

Below is a complete list of vulnerabilities:

  1. A spoofing vulnerability in Azure IoT SDK can be exploited remotely to spoof user interface.
  2. A security feature bypass vulnerability in .NET Framework Device Guard can be exploited remotely to bypass security restrictions.
  3. A denial of service vulnerability in .NET and .NET Core can be exploited remotely via specially crafted requests to cause denial of service.
Affected products

Microsoft .NET Framework 4.7.2
.NET Core 2.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.7.1
C# SDK for Azure IoT
Microsoft .NET Framework 4.6.2/4.7/4.7.1
Microsoft .NET Framework 4.6/4.6.1/4.6.2
Java SDK for Azure IoT
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1
Microsoft .NET Framework 4.7/4.7.1
C SDK for Azure IoT

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2018-8119
CVE-2018-1039
CVE-2018-0765

Impacts
?
DoS 
[?]

SB 
[?]

SUI 
[?]
Related products
Microsoft .NET Framework
Microsoft Azure
CVE-IDS
?
CVE-2018-07650.0Unknown
CVE-2018-10390.0Unknown
CVE-2018-81190.0Unknown
Microsoft official advisories
Microsoft Security Update Guide
KB list

4103723
4103716
4103731
4103721
4103727
4095873
4095513
4095872
4095512
4095875
4095515
4095874
4095514
4095876
4095517
4096495
4095519
4096494
4095518
4096236
4096237
4096235
4096416
4096417
4096418