KLA11459
Multiple vulnerabilities in Microsoft Developer Tools

Updated: 07/22/2020
Microsoft official advisories
Microsoft Security Update Guide
Detect date
?
04/09/2019
Severity
?
High
Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information, cause denial of service, gain privileges.

Below is a complete list of vulnerabilities:

  1. A cross-site-scripting (XSS) vulnerability Azure DevOps Server and Team Foundation Server can be exploited remotely via specially crafted payload to spoof user interface.
  2. A cross-site-scripting (XSS) vulnerability Azure DevOps Server can be exploited remotely via specially crafted payload to spoof user interface.
  3. Unspecified Microsoft Azure can be exploited remotely to spoof user interface.
  4. An information disclosure vulnerability in Open Enclave SDK can be exploited remotely to obtain sensitive information.
  5. A denial of service vulnerability in ASP.NET Core can be exploited remotely via specially crafted requests to cause denial of service.
  6. An elevation of privilege vulnerability in Azure DevOps Server can be exploited remotely via specially crafted request to gain privileges.
  7. A spoofing vulnerability in Azure DevOps Server can be exploited remotely via specially crafted payload to spoof user interface.
Affected products

Open Enclave SDK
Azure DevOps Server 2019
ASP.NET Core 2.2
Team Foundation Server 2018 Update 3.2
Team Foundation Server 2018 Update 1.2
Team Foundation Server 2017 Update 3.1
Team Foundation Server 2015 Update 4.2

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2019-0870
CVE-2019-0874
CVE-2019-0869
CVE-2019-0876
CVE-2019-0867
CVE-2019-0866
CVE-2019-0815
CVE-2019-0871
CVE-2019-0875
CVE-2019-0857
CVE-2019-0868

Impacts
?
OSI 
[?]

DoS 
[?]

PE 
[?]

SUI 
[?]
Related products
Team Foundation Server
Microsoft Azure
CVE-IDS
?
CVE-2019-08684.3Warning
CVE-2019-08762.1Warning
CVE-2019-08704.3Warning
CVE-2019-08744.3Warning
CVE-2019-08694.3Warning
CVE-2019-08674.3Warning
CVE-2019-08755.0Critical
CVE-2019-08664.3Warning
CVE-2019-08155.0Critical
CVE-2019-08574.3Warning
CVE-2019-08714.3Warning
Find out the statistics of the vulnerabilities spreading in your region