KLA11330
Multiple vulnerabilities in Microsoft Developer Tools
Обновлено: 22/07/2020
Дата обнаружения
09/10/2018
Уровень угрозы
High
Описание

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A memory corruption vulnerability in Azure IoT Device Client SDK can be exploited remotely to obtain sensitive information.
  2. An information disclosure vulnerability in .NET Core can be exploited remotely to obtain sensitive information.
Пораженные продукты

Azure IoT Edge
Hub Device Client SDK for Azure IoT
.NET Core 1.0
PowerShell Core 6.0
.NET Core 1.1
.NET Core 2.1

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2018-8531
CVE-2018-8292
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]
Связанные продукты
Microsoft Edge
Microsoft Azure
CVE-IDS
CVE-2018-85310.0Unknown
CVE-2018-82920.0Unknown
Microsoft official advisories
Microsoft Security Update Guide