Searching
..

Click anywhere to stop

KLA50317
Multiple vulnerabilities in Microsoft Developer Tools

Updated: 01/25/2024
Detect date
?
06/13/2023
Severity
?
Critical
Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, bypass security restrictions, obtain sensitive information, spoof user interface.

Below is a complete list of vulnerabilities:

  1. Out of bounds memory access vulnerability in Git can be exploited to cause denial of service and gain privileges.
  2. Remote code execution vulnerability can be exploited remotely to execute arbitrary code.
  3. An information disclosure vulnerability in Visual Studio can be exploited remotely to obtain sensitive information.
  4. An elevation of privilege vulnerability in .NET, .NET Framework, and Visual Studio can be exploited remotely to gain privileges.
  5. A remote code execution vulnerability in Autodesk® FBX® SDK 2020 can be exploited remotely to execute arbitrary code.
  6. A denial of service vulnerability in .NET and Visual Studio can be exploited remotely to cause denial of service.
  7. An elevation of privilege vulnerability in .NET and Visual Studio can be exploited remotely to gain privileges.
  8. A remote code execution vulnerability in .NET, .NET Framework, and Visual Studio can be exploited remotely to execute arbitrary code.
  9. A remote code execution vulnerability in .NET and Visual Studio can be exploited remotely to execute arbitrary code.
  10. A spoofing vulnerability in Azure DevOps Server can be exploited remotely to spoof user interface.
  11. A remote code execution vulnerability in .NET Framework can be exploited remotely to execute arbitrary code.
  12. A spoofing vulnerability in Visual Studio Code can be exploited remotely to spoof user interface.
  13. Stack buffer overflow vulnerability in Autodesk® FBX® can be exploited remotely to obtain sensitive information.
  14. A remote code execution vulnerability in NuGet Client can be exploited remotely to execute arbitrary code.
  15. A denial of service vulnerability in Yet Another Reverse Proxy (YARP) can be exploited remotely to cause denial of service.
  16. A denial of service vulnerability in Sysinternals Process Monitor for Windows can be exploited remotely to cause denial of service.
  17. A denial of service vulnerability in .NET, .NET Framework, and Visual Studio can be exploited remotely to cause denial of service.
  18. Heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 can be exploited remotely to execute arbitrary code.
Exploitation

Public exploits exist for this vulnerability.

Affected products

NuGet 6.3.2
Microsoft Visual Studio 2013 Update 5
Microsoft Visual Studio 2015 Update 3
Microsoft .NET Framework 3.5 AND 4.8
Microsoft .NET Framework 3.5 AND 4.8.1
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft Visual Studio 2022 version 17.5
NuGet 6.0.4
Microsoft .NET Framework 3.5 and 4.6.2
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
NuGet 6.4.1
Microsoft .NET Framework 4.8
Azure DevOps Server 2020.1.2
.NET 6.0
Microsoft Visual Studio 2022 version 17.0
NuGet 6.2.3
Microsoft .NET Framework 4.6.2
Microsoft Visual Studio 2022 version 17.2
Microsoft .NET Framework 2.0 Service Pack 2
YARP 2.0
Microsoft .NET Framework 3.0 Service Pack 2
Windows Sysinternals Process Monitor
NuGet 6.5.0
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Visual Studio 2022 version 17.6
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 AND 4.7.2
NuGet 6.6.0
Sysinternals Suite
Microsoft Visual Studio 2022 version 17.4
.NET 7.0
Visual Studio Code

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2023-29007
CVE-2023-33139
CVE-2023-24936
CVE-2023-27909
CVE-2023-32030
CVE-2023-32032
CVE-2023-25815
CVE-2023-24895
CVE-2023-24897
CVE-2023-33126
CVE-2023-29011
CVE-2023-21565
CVE-2023-29326
CVE-2023-33144
CVE-2023-33135
CVE-2023-27910
CVE-2023-29337
CVE-2023-33141
CVE-2023-29353
CVE-2023-25652
CVE-2023-29331
CVE-2023-27911
CVE-2023-33128
CVE-2023-21569
CVE-2023-29012

Impacts
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

SB 
[?]

PE 
[?]

SUI 
[?]
Related products
Microsoft .NET Framework
Microsoft Visual Studio
Microsoft Windows
Microsoft Azure
CVE-IDS
?
CVE-2023-258152.2Warning
CVE-2023-290077.8Critical
CVE-2023-256527.5Critical
CVE-2023-290127.8Critical
CVE-2023-290117.8Critical
CVE-2023-331395.5High
CVE-2023-249367.5Critical
CVE-2023-279097.8Critical
CVE-2023-320307.5Critical
CVE-2023-320326.5High
CVE-2023-248957.8Critical
CVE-2023-248977.8Critical
CVE-2023-331267.3High
CVE-2023-215657.1High
CVE-2023-293267.8Critical
CVE-2023-331446.6High
CVE-2023-331357.3High
CVE-2023-279107.8Critical
CVE-2023-293377.1High
CVE-2023-331417.5Critical
CVE-2023-293535.5High
CVE-2023-293317.5Critical
CVE-2023-279117.8Critical
CVE-2023-331287.3High
CVE-2023-215695.5High
KB list

5027230
5027219
5026454
5027798
5027533
5027539
5027532
5025792
5027119
5026455
5027797
5027540
5027123
5026610
5027537
5027534
5027544
5027543
5027536
5027531
5027541
5027538
5027542

Microsoft official advisories
Microsoft Security Update Guide
Find out the statistics of the vulnerabilities spreading in your region