KLA11535
Multiple vulnerabilities in Microsoft Development Tools
Updated: 08/20/2019
Detect date
?
08/13/2019
Severity
?
Critical
Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

  1. Multiple memory corruption vulnerabilities in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  2. An elevation of privilege vulnerability in Git for Visual Studio can be exploited remotely to gain privileges.
Affected products

ChakraCore
Microsoft Visual Studio 2017
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2017 version 15.9
Microsoft Visual Studio 2019 version 16.2

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2019-1195
CVE-2019-1140
CVE-2019-1141
CVE-2019-1197
CVE-2019-1139
CVE-2019-1196
CVE-2019-1211
CVE-2019-1131

Impacts
?
ACE 
[?]

PE 
[?]
Related products
Microsoft Visual Studio
ChakraCore
CVE-IDS
?
CVE-2019-11314.2Warning
CVE-2019-11964.2Warning
CVE-2019-11974.2Warning
CVE-2019-11954.2Warning
CVE-2019-11404.2Warning
CVE-2019-11394.2Warning
CVE-2019-11414.2Warning
CVE-2019-12110.0Unknown
Microsoft official advisories
Microsoft Security Update Guide
KB list

4512516
4511553
4512501
4512497
4512517
4512508
4512507