KLA11956
Multiple vulnerabilities in Microsoft Developer Tools

Updated: 05/24/2022
Detect date
?
09/08/2020
Severity
?
Critical
Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Diagnostics Hub Standard Collector can be exploited remotely via specially crafted application to gain privileges.
  2. A remote code execution vulnerability in Visual Studio can be exploited remotely via specially crafted file to execute arbitrary code.
  3. A remote code execution vulnerability in Visual Studio JSON can be exploited remotely to execute arbitrary code.
  4. A security feature bypass vulnerability in Microsoft ASP.NET Core can be exploited remotely to bypass security restrictions.
Affected products

ASP.NET Core 3.1
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Visual Studio Code
ASP.NET Core 2.1
Microsoft Visual Studio 2013 Update 5
Microsoft Visual Studio 2012 Update 5
Microsoft Visual Studio 2015 Update 3
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2020-16874
CVE-2020-16881
CVE-2020-1130
CVE-2020-1133
CVE-2020-1045
CVE-2020-16856

Impacts
?
ACE 
[?]

SB 
[?]

PE 
[?]
Related products
Microsoft Visual Studio
CVE-IDS
?
CVE-2020-11304.6Warning
CVE-2020-11334.6Warning
CVE-2020-168749.3Critical
CVE-2020-168819.3Critical
CVE-2020-10455.0Critical
CVE-2020-168569.3Critical
KB list

4576950
4571480
4571479
4571481

Microsoft official advisories
Microsoft Security Update Guide
Find out the statistics of the vulnerabilities spreading in your region