Vulnerabilities Threats

English Russian Japanese LatAm Türkiye Brasil France Český Deutschland

KLA11618
Multiple vulnerabilities in Microsoft Developer Tools
Updated: 01/17/2020
Detect date
?
 12/10/2019
Severity
?
 Critical
Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, spoof user interface.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Git for Visual Studio can be exploited remotely to execute arbitrary code.
  2. A tampering vulnerability in Git for Visual Studio can be exploited remotely via specially crafted path to spoof user interface.
  3. A spoofing vulnerability in Visual Studio Live Share can be exploited remotely to spoof user interface.
Affected products

Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2017 version 15.0
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft Visual Studio Live Share extension
Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories

CVE-2019-1352
CVE-2019-1351
CVE-2019-1387
CVE-2019-1350
CVE-2019-1354
CVE-2019-1486
CVE-2019-1349
Impacts
?
ACE 
[?]

SUI 
[?]
Related products
 Microsoft Visual Studio
CVE-IDS
?
CVE-2019-13520.0Unknown
CVE-2019-13510.0Unknown
CVE-2019-13870.0Unknown
CVE-2019-13500.0Unknown
CVE-2019-13540.0Unknown
CVE-2019-14860.0Unknown
CVE-2019-13490.0Unknown
Microsoft official advisories
 Microsoft Security Update Guide
© 2020 AO Kaspersky Lab. All Rights Reserved.
Privacy Policy

Up