Kaspersky Threats

KLA11501
Multiple vulnerabilities in Microsoft Developer Tools

Обновлено: 13/03/2020

Дата обнаружения	11/06/2019
Уровень угрозы	Critical
Описание	Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to obtain sensitive information. A spoofing vulnerability in Azure DevOps Server can be exploited remotely to spoof user interface.
Пораженные продукты	ChakraCore Microsoft Edge Azure DevOps Server 2019
Решение	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Первичный источник обнаружения	CVE-2019-1051 CVE-2019-0993 CVE-2019-0991 CVE-2019-1024 CVE-2019-1023 CVE-2019-0996 CVE-2019-1003 CVE-2019-0989 CVE-2019-0990 CVE-2019-1052
Оказываемое влияние ?	ACE [?] OSI [?] SUI [?]
Связанные продукты	ChakraCore
CVE-IDS	CVE-2019-10510.0Unknown CVE-2019-09930.0Unknown CVE-2019-10240.0Unknown CVE-2019-09890.0Unknown CVE-2019-09900.0Unknown CVE-2019-09910.0Unknown CVE-2019-10230.0Unknown CVE-2019-10030.0Unknown CVE-2019-10520.0Unknown CVE-2019-09960.0Unknown
Microsoft official advisories	Microsoft Security Update Guide