Multiple vulnerabilities in Microsoft Developer Tools

Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code.

Below is a complete list of vulnerabilities:

1. An information disclosure vulnerability in .NET Framework can be exploited remotely via specially crafted application to obtain sensitive information.
2. A security feature bypass vulnerability in PowerShellGet Module WDAC can be exploited remotely to bypass security restrictions.
3. A remote code execution vulnerability in Visual Studio Code Python Extension can be exploited remotely via specially crafted file to execute arbitrary code.

Original advisories

• CVE-2020-16937

• CVE-2020-16886
• CVE-2020-16977

Related products

• Microsoft-.NET-Framework
• Microsoft-Visual-Studio

CVE list

• CVE-2020-16937
  high
• CVE-2020-16886
  high
• CVE-2020-16977
  critical

KB list

• 4579980
• 4578974
• 4578972
• 4578971
• 4579977
• 4579978
• 4579979
• 4578968
• 4578969
• 4580328
• 4579976
• 4580330
• 4580327
• 4580346
• 4580470
• 4580468
• 4580469
• 4580467
• 4578961
• 4578963

Read more

Find out the statistics of the vulnerabilities spreading in your region on statistics.securelist.com