Kaspersky Threats

Detect date

?

05/10/2022

Severity

?

High

Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code.

Below is a complete list of vulnerabilities:

A denial of service vulnerability in .NET and Visual Studio can be exploited remotely to cause denial of service.
A remote code execution vulnerability in Visual Studio Code can be exploited remotely to execute arbitrary code.
A remote code execution vulnerability in Visual Studio can be exploited remotely to execute arbitrary code.
A denial of service vulnerability in .NET Framework can be exploited remotely to cause denial of service.

Affected products

.NET Core 3.1
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
.NET 5.0
Microsoft .NET Framework 3.5 AND 4.7.2
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
.NET 6.0
Microsoft .NET Framework 4.8
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5.1
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
Visual Studio Code
Microsoft .NET Framework 4.6
Microsoft Visual Studio 2022 version 17.0
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5
Microsoft Visual Studio 2022 version 17.1
Microsoft .NET Framework 3.5 AND 4.8

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2022-23267
CVE-2022-30129
CVE-2022-29117
CVE-2022-29148
CVE-2022-30130
CVE-2022-29145

Impacts

?

ACE

[?]

DoS

[?]

Detect date ?	05/10/2022
Severity ?	High
Description	Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code. Below is a complete list of vulnerabilities: A denial of service vulnerability in .NET and Visual Studio can be exploited remotely to cause denial of service. A remote code execution vulnerability in Visual Studio Code can be exploited remotely to execute arbitrary code. A remote code execution vulnerability in Visual Studio can be exploited remotely to execute arbitrary code. A denial of service vulnerability in .NET Framework can be exploited remotely to cause denial of service.
Affected products	.NET Core 3.1 Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) .NET 5.0 Microsoft .NET Framework 3.5 AND 4.7.2 Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) .NET 6.0 Microsoft .NET Framework 4.8 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.5.1 Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8) Visual Studio Code Microsoft .NET Framework 4.6 Microsoft Visual Studio 2022 version 17.0 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 Microsoft .NET Framework 3.5 Microsoft Visual Studio 2022 version 17.1 Microsoft .NET Framework 3.5 AND 4.8
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2022-23267 CVE-2022-30129 CVE-2022-29117 CVE-2022-29148 CVE-2022-30130 CVE-2022-29145
Impacts ?	ACE [?] DoS [?]
Related products	Microsoft .NET Framework Microsoft Visual Studio
KB list	5014326 5013840 5013870 5013838 5013872 5014329 5013837 5013839 5013871 5013873 5014330 5021243
Microsoft official advisories	Microsoft Security Update Guide
	Find out the statistics of the vulnerabilities spreading in your region

KLA12535Multiple vulnerabilities in Microsoft Developer Tools

KLA12535
Multiple vulnerabilities in Microsoft Developer Tools