Kaspersky Threats

Дата обнаружения

11/12/2018

Уровень угрозы

Critical

Описание

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, execute arbitrary code.

Below is a complete list of vulnerabilities:

An elevation of privilege vulnerability in Diagnostics Hub Standard Collector Service can be exploited remotely to gain privileges.
A denial of service vulnerability in Microsoft .NET Framework can be exploited remotely via specially crafted requests to cause denial of service.
A remote code execution vulnerability in Microsoft .NET Framework can be exploited remotely to execute arbitrary code.

Пораженные продукты

Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.6.2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.7/4.7.1/4.7.2
Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.7.2
Microsoft .NET Framework 3.5 Service Pack 1
Microsoft .NET Framework 4.7.1/4.7.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft Visual Studio 2015 Update 3
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft Visual Studio 2017

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения

CVE-2018-8599
CVE-2018-8517
CVE-2018-8540

Оказываемое влияние

?

ACE

[?]

DoS

[?]

PE

[?]