KLA11575
Multiple vulnerabilities in Microsoft Developer Tools
Обновлено: 22/05/2020
Дата обнаружения
08/10/2019
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Azure Stack can be exploited remotely to execute arbitrary code.
  2. An information disclosure vulnerability in Open Enclave SDK can be exploited remotely to obtain sensitive information.
Пораженные продукты

Azure App Service on Azure Stack
Open Enclave SDK
Windows Azure Pack Web Sites V2

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2019-1372
CVE-2019-1369
Оказываемое влияние
?
ACE 
[?]

OSI 
[?]
Связанные продукты
Microsoft Windows
Microsoft Azure
CVE-IDS
CVE-2019-13720.0Unknown
CVE-2019-13690.0Unknown
KB list

4524964

Microsoft official advisories
Microsoft Security Update Guide