Kaspersky Threats

Detect date

?

11/14/2023

Severity

?

High

Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, bypass security restrictions, spoof user interface.

Below is a complete list of vulnerabilities:

An elevation of privilege vulnerability in .NET, .NET Framework, and Visual Studio can be exploited remotely to gain privileges.
A denial of service vulnerability in Visual Studio can be exploited remotely to cause denial of service.
A security feature bypass vulnerability in ASP.NET Core can be exploited remotely to bypass security restrictions.
A denial of service vulnerability in ASP.NET Core can be exploited remotely to cause denial of service.
A spoofing vulnerability in Visual Studio Code Jupyter Extension can be exploited remotely to spoof user interface.
A security feature bypass vulnerability in ASP.NET can be exploited remotely to bypass security restrictions.

Affected products

Microsoft Visual Studio 2022 version 17.4
.NET 7.0
ASP.NET Core 8.0
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5.1
Microsoft Visual Studio 2022 version 17.2
Microsoft Visual Studio 2022 version 17.7
ASP.NET Core 7.0
Microsoft .NET Framework 3.5
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
.NET 8.0
ASP.NET Core 6.0
Microsoft .NET Framework 4.6.2
Microsoft .NET Framework 3.5 AND 4.6/4.6.2
Microsoft .NET Framework 3.5 AND 4.7.2
Jupyter Extension for Visual Studio Code
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
.NET 6.0
Microsoft .NET Framework 3.5 AND 4.8.1
Microsoft .NET Framework 4.8
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5 AND 4.8
Microsoft Visual Studio 2022 version 17.6

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories

CVE-2023-36049
CVE-2023-36042
CVE-2023-36558
CVE-2023-36038
CVE-2023-36018
CVE-2023-36560

Impacts

?

DoS

[?]

SB

[?]

PE

[?]

SUI

[?]

Detect date ?	11/14/2023
Severity ?	High
Description	Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, bypass security restrictions, spoof user interface. Below is a complete list of vulnerabilities: An elevation of privilege vulnerability in .NET, .NET Framework, and Visual Studio can be exploited remotely to gain privileges. A denial of service vulnerability in Visual Studio can be exploited remotely to cause denial of service. A security feature bypass vulnerability in ASP.NET Core can be exploited remotely to bypass security restrictions. A denial of service vulnerability in ASP.NET Core can be exploited remotely to cause denial of service. A spoofing vulnerability in Visual Studio Code Jupyter Extension can be exploited remotely to spoof user interface. A security feature bypass vulnerability in ASP.NET can be exploited remotely to bypass security restrictions.
Affected products	Microsoft Visual Studio 2022 version 17.4 .NET 7.0 ASP.NET Core 8.0 Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Microsoft .NET Framework 3.5.1 Microsoft Visual Studio 2022 version 17.2 Microsoft Visual Studio 2022 version 17.7 ASP.NET Core 7.0 Microsoft .NET Framework 3.5 Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10) .NET 8.0 ASP.NET Core 6.0 Microsoft .NET Framework 4.6.2 Microsoft .NET Framework 3.5 AND 4.6/4.6.2 Microsoft .NET Framework 3.5 AND 4.7.2 Jupyter Extension for Visual Studio Code Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 .NET 6.0 Microsoft .NET Framework 3.5 AND 4.8.1 Microsoft .NET Framework 4.8 Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.5 AND 4.8 Microsoft Visual Studio 2022 version 17.6
Solution	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories	CVE-2023-36049 CVE-2023-36042 CVE-2023-36558 CVE-2023-36038 CVE-2023-36018 CVE-2023-36560
Impacts ?	DoS [?] SB [?] PE [?] SUI [?]
Related products	Microsoft .NET Framework Microsoft Visual Studio .NET
CVE-IDS ?	CVE-2023-365586.2High CVE-2023-360497.6Critical CVE-2023-360426.2High CVE-2023-360388.2Critical CVE-2023-360187.8Critical CVE-2023-365608.8Critical
KB list	5032199 5032197 5032343 5032007 5032337 5032186 5032340 5032004 5032338 5032344 5032341 5032342 5032339 5032336 5032883 5032884 5031989 5032185
	Find out the statistics of the vulnerabilities spreading in your region

KLA61979Multiple vulnerabilities in Microsoft Developer Tools

KLA61979
Multiple vulnerabilities in Microsoft Developer Tools