Kaspersky Threats

Detect date

?

08/14/2018

Severity

?

High

Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information.

Below is a complete list of vulnerabilities:

An elevation of privilege vulnerability in Diagnostic Hub Standard Collector can be exploited remotely via specially crafted application to gain privileges.
An information disclosure vulnerability in .NET Framework can be exploited remotely to obtain sensitive information.

Affected products

Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows 10 for x64-based Systems
Windows 10 for 32-bit Systems
Windows Server 2016
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1803 for x64-based Systems
Microsoft Visual Studio 2015 Update 3
Microsoft Visual Studio 2017
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4.7.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.7.1/4.7.2
Windows 10 Version 1709 for x64-based Systems
Windows Server, version 1803 (Server Core Installation)
Windows Server 2016 (Server Core installation)
Windows Server, version 1709 (Server Core Installation)
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2018-0952
CVE-2018-8360

Impacts

?

OSI

[?]

PE

[?]

Detect date ?	08/14/2018
Severity ?	High
Description	Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in Diagnostic Hub Standard Collector can be exploited remotely via specially crafted application to gain privileges. An information disclosure vulnerability in .NET Framework can be exploited remotely to obtain sensitive information.
Affected products	Windows 10 Version 1607 for x64-based Systems Windows 10 Version 1607 for 32-bit Systems Windows 10 for x64-based Systems Windows 10 for 32-bit Systems Windows Server 2016 Windows 10 Version 1703 for x64-based Systems Windows 10 Version 1703 for 32-bit Systems Windows 10 Version 1709 for 32-bit Systems Windows 10 Version 1803 for 32-bit Systems Windows 10 Version 1803 for x64-based Systems Microsoft Visual Studio 2015 Update 3 Microsoft Visual Studio 2017 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 3.5 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 4.7.2 Microsoft .NET Framework 4.6/4.6.1/4.6.2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Microsoft .NET Framework 4.7/4.7.1/4.7.2 Microsoft .NET Framework 4.7.1/4.7.2 Windows 10 Version 1709 for x64-based Systems Windows Server, version 1803 (Server Core Installation) Windows Server 2016 (Server Core installation) Windows Server, version 1709 (Server Core Installation) Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2018-0952 CVE-2018-8360
Impacts ?	OSI [?] PE [?]
Related products	Microsoft .NET Framework Microsoft Visual Studio Microsoft Windows Microsoft Windows Server Microsoft Windows 10
CVE-IDS ?	CVE-2018-09520.0Unknown CVE-2018-83600.0Unknown
KB list	4344151 4344146 4343909 4344166 4344177 4344178 4344147 4344148 4343885 4344172 4344144 4343887 4344149 4344175 4344165 4344167 4343892 4344153 4344150 4344152 4344176 4344171 4344173 4344145 4343897 4469516
Microsoft official advisories	Microsoft Security Update Guide
Exploitation	The following public exploits exists for this vulnerability: https://www.exploit-db.com/exploits/45244 Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

KLA11305Multiple vulnerabilities in Microsoft Developer Tools

KLA11305
Multiple vulnerabilities in Microsoft Developer Tools