KLA11956
Multiple vulnerabilities in Microsoft Developer Tools

Updated: 08/09/2022
Detection date
08/09/2020
Threat level
Critical
Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, and bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Diagnostics Hub Standard Collector can be exploited remotely via a specially crafted application to gain privileges.
  2. A remote code execution vulnerability in Visual Studio can be exploited remotely via a specially crafted file to execute arbitrary code.
  3. A remote code execution vulnerability in Visual Studio JSON can be exploited remotely to execute arbitrary code.
  4. A security feature bypass vulnerability in Microsoft ASP.NET Core can be exploited remotely to bypass security restrictions.
  5. A security feature bypass vulnerability in Windows Defender Application Control can be exploited remotely to bypass security restrictions.
Affected products

ASP.NET Core 3.1
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Visual Studio Code
ASP.NET Core 2.1
Microsoft Visual Studio 2013 Update 5
Microsoft Visual Studio 2012 Update 5
Microsoft Visual Studio 2015 Update 3
PowerShell 7.1
PowerShell 7.0
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Primary detection source
CVE-2020-1130
CVE-2020-1133
CVE-2020-16874
CVE-2020-16881
CVE-2020-1045
CVE-2020-16856
CVE-2020-0951
Impact
ACE
SB
PE
Related products
Microsoft Visual Studio
CVE-IDS
CVE-2020-1130   4.6   Warning
CVE-2020-0951   7.2   High
CVE-2020-1133   4.6   Warning
CVE-2020-16874  9.3   Critical
CVE-2020-16881  9.3   Critical
CVE-2020-1045   5.0   Critical
CVE-2020-16856  9.3   Critical
KB list

4576950
4571480
4571481

Microsoft official advisories
Microsoft Security Update Guide