KLA11634
Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in ASP.NET Core can be exploited remotely via specially crafted file to execute arbitrary code.
2. A denial of service vulnerability in ASP.NET Core can be exploited remotely via specially crafted requests to cause denial of service.
3. A remote code execution vulnerability in .NET Framework can be exploited remotely via specially crafted file to execute arbitrary code.
4. A remote code execution vulnerability in .NET Framework can be exploited remotely.

The following public exploits exists for this vulnerability:

https://github.com/5l1v3r1/CVE-2020-0606

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

.NET Core 3.0
ASP.NET Core 3.0
ASP.NET Core 2.1
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5 AND 4.7.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.8
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 3.5 AND 4.8
.NET Core 3.1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 4.6
Microsoft .NET Framework 3.0 Service Pack 2
ASP.NET Core 3.1

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

4535101
4534306
4534978
4534976
4532933
4534276
4532938
4532936
4534271
4534979
4532935
4535103
4535104
4535105
4534293
4534977
4535102
4556826
4556813
4556812
4556807
4556406
4556405
4556404
4556403
4556402
4556401
4556400
4556441
4552929
4552926
4552931
4556399
4552928