KLA11419
Multiple vulnerabilities in Microsoft Developer tools
Updated: 16/01/2020
Date of detection
12/02/2019
Threat level
Critical
Description

Multiple vulnerabilities were found in Microsoft Developer tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, spoof the user interface, and gain privileges.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in the Azure IoT Java SDK can be exploited remotely to obtain sensitive information.
  2. A remote code execution vulnerability in .NET Framework and Visual Studio can be exploited remotely via a specially crafted file to execute arbitrary code.
  3. A remote code execution vulnerability in Visual Studio Code can be exploited remotely to execute arbitrary code.
  4. Multiple memory corruption vulnerabilities in the Scripting Engine can be exploited remotely via a specially crafted website to execute arbitrary code.
  5. A spoofing vulnerability in .NET Framework and Visual Studio can be exploited remotely to spoof the user interface.
  6. An elevation of privilege vulnerability in the Azure IoT Java SDK can be exploited remotely to gain privileges.
  7. A memory corruption vulnerability in the Scripting Engine can be exploited remotely via a specially crafted website to execute arbitrary code.
  8. An information disclosure vulnerability in the Scripting Engine can be exploited remotely via specially crafted content to obtain sensitive information.
Affected products

.NET Core 1.0
.NET Core 1.1
.NET Core 2.1
.NET Core 2.2
ChakraCore
Java SDK for Azure IoT
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.7.1/4.7.2
Microsoft .NET Framework 4.7.2
Microsoft .NET Framework 4.7/4.7.1/4.7.2
Microsoft Visual Studio 2017
Microsoft Visual Studio 2017 version 15.9
Team Foundation Server 2018 Update 3.2
Visual Studio Code

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories
CVE-2019-0741
CVE-2019-0607
CVE-2019-0644
CVE-2019-0743
CVE-2019-0613
CVE-2019-0742
CVE-2019-0593
CVE-2019-0642
CVE-2019-0728
CVE-2019-0590
CVE-2019-0651
CVE-2019-0657
CVE-2019-0729
CVE-2019-0652
CVE-2019-0655
CVE-2019-0640
CVE-2019-0605
CVE-2019-0658
CVE-2019-0610
CVE-2019-0649
CVE-2019-0591
CVE-2019-0631
CVE-2019-0632
CVE-2019-0627
Impacts
ACE
OSI
SB
PE
SUI
Related products
Microsoft .NET Framework
Microsoft Visual Studio
ChakraCore
CVE-IDS
CVE-2019-0627  0.0  Unknown
CVE-2019-0631  0.0  Unknown
CVE-2019-0632  0.0  Unknown
CVE-2019-0741  0.0  Unknown
CVE-2019-0607  0.0  Unknown
CVE-2019-0644  0.0  Unknown
CVE-2019-0743  0.0  Unknown
CVE-2019-0613  0.0  Unknown
CVE-2019-0742  0.0  Unknown
CVE-2019-0593  0.0  Unknown
CVE-2019-0642  0.0  Unknown
CVE-2019-0728  0.0  Unknown
CVE-2019-0590  0.0  Unknown
CVE-2019-0651  0.0  Unknown
CVE-2019-0657  0.0  Unknown
CVE-2019-0729  0.0  Unknown
CVE-2019-0652  0.0  Unknown
CVE-2019-0655  0.0  Unknown
CVE-2019-0640  0.0  Unknown
CVE-2019-0605  0.0  Unknown
CVE-2019-0658  0.0  Unknown
CVE-2019-0610  0.0  Unknown
CVE-2019-0649  0.0  Unknown
CVE-2019-0591  0.0  Unknown
KB list

4487020
4487017
4486996
4487026
4487018
4483452
4483450
4487081
4487079
4487078
4487124
4487121
4487123
4487122

Microsoft official advisories
Microsoft Security Update Guide