KLA11618
Multiple vulnerabilities in Microsoft Developer Tools

Updated: 03/06/2020
Detection date
10/12/2019
Threat level
Critical
Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code and spoof the user interface.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Git for Visual Studio can be exploited remotely to execute arbitrary code.
  2. A tampering vulnerability in Git for Visual Studio can be exploited remotely via a specially crafted path to spoof the user interface.
  3. A spoofing vulnerability in Visual Studio Live Share can be exploited remotely to spoof the user interface.
Affected products

Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2017 version 15.0
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft Visual Studio Live Share extension

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Primary source of detection
CVE-2019-1352
CVE-2019-1351
CVE-2019-1387
CVE-2019-1350
CVE-2019-1354
CVE-2019-1486
CVE-2019-1349
Impact
ACE
SUI
Related products
Microsoft Visual Studio
CVE-IDS
CVE-2019-1352    9.3    Critical
CVE-2019-1351    5.0    Critical
CVE-2019-1387    6.8    High
CVE-2019-1350    9.3    Critical
CVE-2019-1354    9.3    Critical
CVE-2019-1486    5.8    High
CVE-2019-1349    9.3    Critical