Kaspersky Threats

KLA11501
Multiple vulnerabilities in Microsoft Developer Tools

Обновлено: 26/06/2019

Дата обнаружения	11/06/2019
Уровень угрозы	Critical
Описание	Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, spoof user interface. Below is a complete list of vulnerabilities: A memory corruption vulnerability in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code. An information disclosure vulnerability in Scripting Engine can be exploited remotely via specially crafted content to obtain sensitive information. A spoofing vulnerability in Azure DevOps Server can be exploited remotely to spoof user interface.
Пораженные продукты	ChakraCore Microsoft Edge Azure DevOps Server 2019
Решение	Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Первичный источник обнаружения	CVE-2019-1051 CVE-2019-0993 CVE-2019-0991 CVE-2019-1024 CVE-2019-1023 CVE-2019-0996 CVE-2019-1003 CVE-2019-0989 CVE-2019-0990 CVE-2019-1052
Оказываемое влияние ?	ACE [?] OSI [?] SUI [?]
Связанные продукты	ChakraCore
CVE-IDS	CVE-2019-10514.2Warning CVE-2019-09934.2Warning CVE-2019-10244.2Warning CVE-2019-09894.2Warning CVE-2019-09906.5High CVE-2019-09914.2Warning CVE-2019-10236.5High CVE-2019-10034.2Warning CVE-2019-10524.2Warning CVE-2019-09960.0Unknown
KB list	4503293 4503327 4503286 4503284 4503267 4503291 4503279
Microsoft official advisories	Microsoft Security Update Guide