KLA11535
Multiple vulnerabilities in Microsoft Development Tools
Обновлено: 20/08/2019
Дата обнаружения
13/08/2019
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

  1. Multiple memory corruption vulnerabilities in Chakra Scripting Engine can be exploited remotely via specially crafted website to execute arbitrary code.
  2. An elevation of privilege vulnerability in Git for Visual Studio can be exploited remotely to gain privileges.
Пораженные продукты

ChakraCore
Microsoft Visual Studio 2017
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2017 version 15.9
Microsoft Visual Studio 2019 version 16.2

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2019-1195
CVE-2019-1140
CVE-2019-1141
CVE-2019-1197
CVE-2019-1139
CVE-2019-1196
CVE-2019-1211
CVE-2019-1131
Оказываемое влияние
?
ACE 
[?]

PE 
[?]
Связанные продукты
Microsoft Visual Studio
ChakraCore
CVE-IDS
CVE-2019-11314.2Warning
CVE-2019-11964.2Warning
CVE-2019-11974.2Warning
CVE-2019-11954.2Warning
CVE-2019-11404.2Warning
CVE-2019-11394.2Warning
CVE-2019-11414.2Warning
CVE-2019-12110.0Unknown
Microsoft official advisories
Microsoft Security Update Guide
KB list

4512516
4511553
4512501
4512497
4512517
4512508
4512507