Kaspersky Threats

Detect date

?

05/10/2022

Severity

?

High

Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

A denial of service vulnerability in .NET and Visual Studio can be exploited remotely to None.
A remote code execution vulnerability in Visual Studio Code can be exploited remotely to execute arbitrary code.
A denial of service vulnerability in .NET and Visual Studio can be exploited remotely to cause denial of service.
A remote code execution vulnerability in Visual Studio can be exploited remotely to execute arbitrary code.
A denial of service vulnerability in .NET Framework can be exploited remotely to cause denial of service.

Affected products

.NET Core 3.1
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
.NET 5.0
Microsoft .NET Framework 3.5 AND 4.7.2
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
.NET 6.0
Microsoft .NET Framework 4.8
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5.1
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
Visual Studio Code
Microsoft .NET Framework 4.6
Microsoft Visual Studio 2022 version 17.0
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5
Microsoft Visual Studio 2022 version 17.1
Microsoft .NET Framework 3.5 AND 4.8

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2022-23267
CVE-2022-30129
CVE-2022-29117
CVE-2022-29148
CVE-2022-30130
CVE-2022-29145

Impacts

?

ACE

[?]

DoS

[?]

Detect date ?	05/10/2022
Severity ?	High
Description	Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service. Below is a complete list of vulnerabilities: A denial of service vulnerability in .NET and Visual Studio can be exploited remotely to None. A remote code execution vulnerability in Visual Studio Code can be exploited remotely to execute arbitrary code. A denial of service vulnerability in .NET and Visual Studio can be exploited remotely to cause denial of service. A remote code execution vulnerability in Visual Studio can be exploited remotely to execute arbitrary code. A denial of service vulnerability in .NET Framework can be exploited remotely to cause denial of service.
Affected products	.NET Core 3.1 Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) .NET 5.0 Microsoft .NET Framework 3.5 AND 4.7.2 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) .NET 6.0 Microsoft .NET Framework 4.8 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.5.1 Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Visual Studio Code Microsoft .NET Framework 4.6 Microsoft Visual Studio 2022 version 17.0 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 Microsoft .NET Framework 3.5 Microsoft Visual Studio 2022 version 17.1 Microsoft .NET Framework 3.5 AND 4.8
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2022-23267 CVE-2022-30129 CVE-2022-29117 CVE-2022-29148 CVE-2022-30130 CVE-2022-29145
Impacts ?	ACE [?] DoS [?]
Related products	Microsoft .NET Framework Microsoft Visual Studio
CVE-IDS ?	CVE-2022-232675.0Critical CVE-2022-301295.0Critical CVE-2022-291175.0Critical CVE-2022-291485.0Critical CVE-2022-301305.0Critical CVE-2022-291455.0Critical
KB list	5013952 5013627 5014326 5013630 5013840 5013870 5013838 5013872 5013628 5013625 5013868 5014329 5013837 5013839 5013871 5013624 5013873 5014330
Microsoft official advisories	Microsoft Security Update Guide
	Find out the statistics of the vulnerabilities spreading in your region

KLA12535Multiple vulnerabilities in Microsoft Developer Tools

KLA12535
Multiple vulnerabilities in Microsoft Developer Tools