KLA11288
Multiple vulnerabilities in Microsoft Development Tools

Обновлено: 09/06/2022
Дата обнаружения
10/07/2018
Уровень угрозы
Critical
Описание

Multiple serious vulnerabilities have been found in Microsoft Development Tools. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, bypass security restrictions, gain privileges.

Below is a complete list of vulnerabilities:

  1. A tampering vulnerability in Microsoft Macro Assembler can be exploited remotely to spoof user interface.
  2. An elevation of privilege vulnerability in .NET Framework can be exploited remotely to gain privileges.
  3. A remote code execution vulnerability in Microsoft SharePoint Server can be exploited remotely to execute arbitrary code.
  4. A security feature bypass vulnerability in ASP.NET can be exploited remotely to bypass security restrictions.
  5. A remote code execution vulnerability in .NET Framework can be exploited remotely to execute arbitrary code.
  6. A security feature bypass vulnerability in MSR JavaScript Cryptography Library can be exploited remotely to bypass security restrictions.
  7. A cross-site-scripting (XSS) vulnerability Open Source Customization for Active Directory Federation Services can be exploited remotely to spoof user interface.
  8. A remote code execution vulnerability in Visual Studio can be exploited remotely to execute arbitrary code.
  9. A security feature bypass vulnerability in .NET Framework can be exploited remotely to bypass security restrictions.
  10. A remote code execution vulnerability in PowerShell Editor Services can be exploited remotely to execute arbitrary code.
Пораженные продукты

.NET Core 2.0
ASP.NET Core 1.1
ASP.NET Core 1.0
ASP.NET Core 2.0
ASP.NET Web Pages 3.2.3
ASP.NET MVC 5.2
Microsoft Visual Studio 2015 Update 3
Microsoft Visual Studio 2017
Microsoft Visual Studio 2013 Update 5
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2012 Update 5
Expression Blend 4 Service Pack 3
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4.7.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2
Microsoft .NET Framework 4.7/4.7.1/4.7.2
.NET Framework 4.7.2 Developer Pack
Web Customizations for Active Directory Federation Services
PowerShell Extension for Visual Studio Code
PowerShell Editor Services
.NET Core 1.1
.NET Core 1.0
Expression Blend 3 Service Pack 1
Microsoft Research JavaScript Cryptography Library V1.4
Microsoft .NET Framework 4.7.1/4.7.2
PowerShell Core 6.0
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Expression Blend 2 Service Pack 2
PowerShell Core 6.1
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2018-8232
CVE-2018-8202
CVE-2018-8284
CVE-2018-8171
CVE-2018-8260
CVE-2018-8319
CVE-2018-8326
CVE-2018-8172
CVE-2018-8356
CVE-2018-8327
Оказываемое влияние
?
ACE 
[?]

SB 
[?]

PE 
[?]

SUI 
[?]
Связанные продукты
Microsoft .NET Framework
Microsoft Visual Studio
Microsoft Active Directory
Microsoft ASP.NET MVC
CVE-IDS
CVE-2018-83562.1Warning
CVE-2018-83197.5Critical
CVE-2018-83263.5Warning
CVE-2018-82027.2High
CVE-2018-81729.3Critical
CVE-2018-82606.8High
CVE-2018-81715.0Critical
CVE-2018-82324.6Warning
CVE-2018-82849.3Critical
KB list

4338825
4338814
4338829
4338819
4338826
4345421
4345419
4345455
4345420
4345418
4338420
4338611
4338604
4338415
4338421
4338422
4338416
4338601
4336919
4338613
4338418
4338424
4338419
4338417
4339279
4336986
4338600
4338612
4336999
4338606
4336946
4338602
4338605
4338423
4342193
4338610
4342192
4342191
4346877
4344151
4344146
4343909
4344166
4344177
4344178
4344147
4344148
4343885
4344172
4344144
4343887
4344149
4344175
4344165
4344167
4343892
4344153
4344150
4344152
4344176
4344171
4344173
4344145
4343897

Microsoft official advisories
Microsoft Security Update Guide
Узнай статистику распространения уязвимостей в твоем регионе