KLA11330
Multiple vulnerabilities in Microsoft Developer Tools
Updated: 07/22/2020
Detect date
?
10/09/2018
Severity
?
High
Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in Azure IoT Device Client SDK can be exploited remotely to obtain sensitive information.
  2. An information disclosure vulnerability in .NET Core can be exploited remotely to obtain sensitive information.
Affected products

Azure IoT Edge
Hub Device Client SDK for Azure IoT
.NET Core 1.0
PowerShell Core 6.0
.NET Core 1.1
.NET Core 2.1

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2018-8531
CVE-2018-8292

Impacts
?
ACE 
[?]

OSI 
[?]
Related products
Microsoft Edge
Microsoft Azure
CVE-IDS
?
CVE-2018-85310.0Unknown
CVE-2018-82920.0Unknown
Microsoft official advisories
Microsoft Security Update Guide