KLA11971
Multiple vulnerabilities in Microsoft Developer Tools

Updated: 05/24/2022
Detect date: 10/13/2020
Severity: High

Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, or execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in .NET Framework can be exploited remotely via a specially crafted application to obtain sensitive information.
  2. A security feature bypass vulnerability in PowerShellGet Module WDAC can be exploited remotely to bypass security restrictions.
  3. A remote code execution vulnerability in Visual Studio Code Python Extension can be exploited remotely via a specially crafted file to execute arbitrary code.

Affected products

Visual Studio Code
Microsoft .NET Framework 3.5 AND 4.8
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 4.8
Microsoft .NET Framework 4.6
Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2
Microsoft .NET Framework 3.5 AND 4.7.2
PowerShellGet 2.2.5
Microsoft .NET Framework 2.0 Service Pack 2

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories

CVE-2020-16937
CVE-2020-16886
CVE-2020-16977

Impacts

ACE
OSI
SB

Related products
Microsoft .NET Framework
Microsoft Visual Studio

CVE-IDS

CVE-2020-16937    4.3    Warning
CVE-2020-16886    7.2    High
CVE-2020-16977    9.3    Critical

KB list

4579980
4578974
4578972
4578971
4579977
4579978
4579979
4578968
4578969
4580328
4579976
4580330
4580327
4580346
4580470
4580468
4580469
4580467
4578961
4578963

Microsoft official advisories
Microsoft Security Update Guide