KLA11934
Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, gain privileges.

Below is a complete list of vulnerabilities:

1. A denial of service vulnerability in ASP.NET Core can be exploited remotely via specially crafted requests to cause denial of service.
2. A remote code execution vulnerability in .NET Framework can be exploited remotely via specially crafted file to execute arbitrary code.
3. A remote code execution vulnerability in Visual Studio Code can be exploited remotely to execute arbitrary code.
4. An elevation of privilege vulnerability in ASP.NET and .NET can be exploited remotely via specially crafted request to gain privileges.

Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2
Microsoft .NET Framework 4.8
Microsoft Visual Studio 2019 version 16.0
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2
Microsoft .NET Framework 4.6
ASP.NET Core 3.1
Microsoft .NET Framework 2.0 Service Pack 2
Visual Studio Code
ASP.NET Core 2.1
Microsoft .NET Framework 3.5 AND 4.8
Microsoft .NET Framework 3.5 AND 4.7.2
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 3.5
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

4571692
4571694
4571709
4571741
4569751
4569748
4569749
4569746
4569745
4570506
4570507
4570502
4570500
4570501
4570505
4570509
4570508
4570503