KLA11315
Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, spoof user interface.

Below is a complete list of vulnerabilities:

1. A denial of service vulnerability in System.IO.Pipelines can be exploited remotely via specially crafted requests to cause denial of service.
2. A denial of service vulnerability in OData can be exploited remotely via specially crafted requests to cause denial of service.
3. A remote code execution vulnerability in .NET Framework can be exploited remotely via specially crafted file to execute arbitrary code.
4. A spoofing vulnerability in Azure IoT SDK can be exploited remotely to spoof user interface.

Microsoft.Data.OData
.NET Core 2.1
ASP.NET Core 2.1
System.IO.Pipelines
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.7.2
Microsoft .NET Framework 4.7.1/4.7.2
ASP.NET Core 2.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.7/4.7.1/4.7.2
C SDK for Azure IoT

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

4457128
4457056
4457028
4457131
4457132
4457025
4457054
4457044
4457034
4457037
4457027
4457045
4457029
4457142
4457030
4457043
4457055
4457035
4457138
4457036
4457042
4457033
4457026
4457053
4457038