KLA11433
Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code.

Below is a complete list of vulnerabilities:

1. A tampering vulnerability in NuGet Package Manager can be exploited remotely to spoof user interface.
2. A remote code execution vulnerability in Visual Studio can be exploited remotely to execute arbitrary code.
3. A cross-site-scripting (XSS) vulnerability Team Foundation Server can be exploited remotely via specially crafted payload to spoof user interface.

Nuget 4.8.2
Nuget 4.4.2
Nuget 4.7.2
Mono Framework Version 5.18.0.223
.NET Core SDK 2.1.500
Nuget 4.3.1
Nuget 4.9.4
.NET Core SDK 1.1
Mono Framework Version 5.20.0
Nuget 4.6.3
Nuget 4.5.2
Visual Studio 2017 for Mac
.NET Core SDK 2.2.100
Team Foundation Server 2018 Update 3.2
Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
Team Foundation Server 2018 Update 1.2
Team Foundation Server 2017 Update 3.1

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)