KLA11419
Multiple vulnerabilities in Microsoft Developer tools
Updated: 26/06/2019
Date of detection
12/02/2019
Threat level
Critical
Description

Multiple vulnerabilities were found in Microsoft Developer tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, spoof the user interface, and gain privileges.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in Azure IoT Java SDK can be exploited remotely to obtain sensitive information.
  2. A remote code execution vulnerability in .NET Framework and Visual Studio can be exploited remotely via a specially crafted file to execute arbitrary code.
  3. A remote code execution vulnerability in Visual Studio Code can be exploited remotely to execute arbitrary code.
  4. Multiple memory corruption vulnerabilities in Scripting Engine can be exploited remotely via a specially crafted website to execute arbitrary code.
  5. A spoofing vulnerability in .NET Framework and Visual Studio can be exploited remotely to spoof the user interface.
  6. An elevation of privilege vulnerability in Azure IoT Java SDK can be exploited remotely to gain privileges.
  7. A memory corruption vulnerability in Scripting Engine can be exploited remotely via a specially crafted website to execute arbitrary code.
  8. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to obtain sensitive information.
Affected products

.NET Core 1.0
.NET Core 1.1
.NET Core 2.1
.NET Core 2.2
ChakraCore
Java SDK for Azure IoT
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.7.1/4.7.2
Microsoft .NET Framework 4.7.2
Microsoft .NET Framework 4.7/4.7.1/4.7.2
Microsoft Visual Studio 2017
Microsoft Visual Studio 2017 version 15.9
Team Foundation Server 2018 Update 3.2
Visual Studio Code

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Primary source of detection
CVE-2019-0741
CVE-2019-0607
CVE-2019-0644
CVE-2019-0743
CVE-2019-0613
CVE-2019-0742
CVE-2019-0593
CVE-2019-0642
CVE-2019-0728
CVE-2019-0590
CVE-2019-0651
CVE-2019-0657
CVE-2019-0729
CVE-2019-0652
CVE-2019-0655
CVE-2019-0640
CVE-2019-0605
CVE-2019-0658
CVE-2019-0610
CVE-2019-0649
CVE-2019-0591
CVE-2019-0631
CVE-2019-0632
CVE-2019-0627
Impact
ACE
OSI
SB
PE
SUI
Related products
Microsoft .NET Framework
Microsoft Visual Studio
ChakraCore
CVE-IDS
CVE-2019-0627  7.8  Critical
CVE-2019-0631  7.8  Critical
CVE-2019-0632  7.8  Critical
CVE-2019-0741  7.5  Critical
CVE-2019-0607  4.2  Warning
CVE-2019-0644  4.2  Warning
CVE-2019-0743  5.4  High
CVE-2019-0613  8.8  Critical
CVE-2019-0742  5.4  High
CVE-2019-0593  4.2  Warning
CVE-2019-0642  4.2  Warning
CVE-2019-0728  7.8  Critical
CVE-2019-0590  4.2  Warning
CVE-2019-0651  4.2  Warning
CVE-2019-0657  5.9  High
CVE-2019-0729  9.8  Critical
CVE-2019-0652  4.2  Warning
CVE-2019-0655  4.2  Warning
CVE-2019-0640  4.2  Warning
CVE-2019-0605  4.2  Warning
CVE-2019-0658  4.3  Warning
CVE-2019-0610  4.2  Warning
CVE-2019-0649  4.2  Warning
CVE-2019-0591  4.2  Warning
KB list

4487020
4487017
4486996
4487026
4487044
4487018
4483452
4483449
4483455
4483469
4483484
4483482
4483468
4483470
4483483
4483474
4483473
4483451
4483453
4483457
4483472
4483458
4483459
4483454
4483456
4483481
4483450

Microsoft official advisories
Microsoft Security Update Guide