KLA11459
Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information, cause denial of service, gain privileges.

Below is a complete list of vulnerabilities:

1. A cross-site-scripting (XSS) vulnerability Azure DevOps Server and Team Foundation Server can be exploited remotely via specially crafted payload to spoof user interface.
2. A cross-site-scripting (XSS) vulnerability Azure DevOps Server can be exploited remotely via specially crafted payload to spoof user interface.
3. Unspecified Microsoft Azure can be exploited remotely to spoof user interface.
4. An information disclosure vulnerability in Open Enclave SDK can be exploited remotely to obtain sensitive information.
5. A denial of service vulnerability in ASP.NET Core can be exploited remotely via specially crafted requests to cause denial of service.
6. An elevation of privilege vulnerability in Azure DevOps Server can be exploited remotely via specially crafted request to gain privileges.
7. A spoofing vulnerability in Azure DevOps Server can be exploited remotely via specially crafted payload to spoof user interface.

Open Enclave SDK
Azure DevOps Server 2019
ASP.NET Core 2.2
Team Foundation Server 2018 Update 3.2
Team Foundation Server 2018 Update 1.2
Team Foundation Server 2017 Update 3.1
Team Foundation Server 2015 Update 4.2

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

CVE-2019-0870
CVE-2019-0874
CVE-2019-0869
CVE-2019-0876
CVE-2019-0867
CVE-2019-0866
CVE-2019-0815
CVE-2019-0871
CVE-2019-0875
CVE-2019-0857
CVE-2019-0868