KLA11501
Multiple vulnerabilities in Microsoft Developer Tools
Updated: 06/26/2019
Detect date
?
06/11/2019
Severity
?
Critical
Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, spoof user interface.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  2. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to obtain sensitive information.
  3. A spoofing vulnerability in Azure DevOps Server can be exploited remotely to spoof user interface.
Affected products

ChakraCore
Microsoft Edge
Azure DevOps Server 2019

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2019-1051
CVE-2019-0993
CVE-2019-0991
CVE-2019-1024
CVE-2019-1023
CVE-2019-0996
CVE-2019-1003
CVE-2019-0989
CVE-2019-0990
CVE-2019-1052

Impacts
?
ACE 
[?]

OSI 
[?]

SUI 
[?]
Related products
ChakraCore
CVE-IDS
?
CVE-2019-10514.2Warning
CVE-2019-09934.2Warning
CVE-2019-10244.2Warning
CVE-2019-09894.2Warning
CVE-2019-09906.5High
CVE-2019-09914.2Warning
CVE-2019-10236.5High
CVE-2019-10034.2Warning
CVE-2019-10524.2Warning
CVE-2019-09960.0Unknown
Microsoft official advisories
Microsoft Security Update Guide
KB list

4503293
4503327
4503286
4503284
4503267
4503291
4503279