KLA11210
Multiple vulnerabilities in Microsoft Development Tools
Обновлено: 26/06/2019
Дата обнаружения
13/03/2018
Уровень угрозы
Critical
Описание

Multiple serious vulnerabilities have been found in Development Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges or cause denial of service. Below is a complete list of vulnerabilities:

  1. An improper web request handling in ASP.NET Core can be exploited remotely via specially crafted requests to .NET Core application to cause denial of service;
  2. Multiple memory corruption vulnerabilities in Chakra scripting engine can be exploited remotely via specially crafted website to execute arbitrary code;
  3. A hash collision in .NET Core can be exploited remotely to cause denial of service
  4. Multiple unspecified vulnerabilities in scripting engine can be exploited remotely via specially crafted website to obtain sensitive information;
  5. An improper web request handling in ASP.NET Core can be exploited remotely via specially crafted requests to .NET Core application to gain privileges;
Пораженные продукты

PowerShell Core 6.0.0
ASP.NET Core 2.0
ChakraCore
.NET Core 1.1
.NET Core 1.0
.NET Core 2.0

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2018-0872
CVE-2018-0873
CVE-2018-0874
CVE-2018-0891
CVE-2018-0930
CVE-2018-0931
CVE-2018-0933
CVE-2018-0934
CVE-2018-0936
CVE-2018-0937
CVE-2018-0939
CVE-2018-0787
CVE-2018-0808
CVE-2018-0875
CVE-2018-0925
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]

DoS 
[?]

PE 
[?]
Связанные продукты
Microsoft .NET Framework
CVE-IDS
CVE-2018-08727.6Critical
CVE-2018-08737.6Critical
CVE-2018-08747.6Critical
CVE-2018-08914.3Warning
CVE-2018-09307.6Critical
CVE-2018-09317.6Critical
CVE-2018-09337.6Critical
CVE-2018-09347.6Critical
CVE-2018-09367.6Critical
CVE-2018-09377.6Critical
CVE-2018-09394.3Warning
CVE-2018-07876.8High
CVE-2018-08085.0Critical
CVE-2018-08755.0Critical
CVE-2018-09257.6Critical
Microsoft official advisories
Microsoft Security Update Guide
KB list

4088782
4088787
4088786
4088875
4088876