KLA11634
Multiple vulnerabilities in Developer Tools
Обновлено: 17/01/2020
Дата обнаружения
14/01/2020
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in ASP.NET Core can be exploited remotely via specially crafted file to execute arbitrary code.
  2. A denial of service vulnerability in ASP.NET Core can be exploited remotely via specially crafted requests to cause denial of service.
  3. A remote code execution vulnerability in .NET Framework can be exploited remotely via specially crafted file to execute arbitrary code.
  4. A remote code execution vulnerability in .NET Framework can be exploited remotely.
Пораженные продукты

.NET Core 3.0
ASP.NET Core 3.0
ASP.NET Core 2.1
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5 AND 4.7.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.8
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 3.5 AND 4.8
.NET Core 3.1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 4.6
Microsoft .NET Framework 3.0 Service Pack 2
ASP.NET Core 3.1

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2020-0603
CVE-2020-0602
CVE-2020-0605
CVE-2020-0646
CVE-2020-0606
Оказываемое влияние
?
ACE 
[?]

DoS 
[?]
Связанные продукты
Microsoft .NET Framework
CVE-IDS
CVE-2020-06030.0Unknown
CVE-2020-06020.0Unknown
CVE-2020-06050.0Unknown
CVE-2020-06460.0Unknown
CVE-2020-06060.0Unknown
KB list

4535101
4534306
4534978
4534976
4532933
4534276
4532938
4532936
4534271
4534979
4532935
4535103
4535104
4535105
4534293
4534977
4535102

Microsoft official advisories
Microsoft Security Update Guide