KLA11971
Multiple vulnerabilities in Microsoft Developer Tools
Updated: 19/10/2020
Date of detection
13/10/2020
Threat level
High
Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, or execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An information disclosure vulnerability in .NET Framework can be exploited remotely via a specially crafted application to obtain sensitive information.
  2. A security feature bypass vulnerability in PowerShellGet Module WDAC can be exploited remotely to bypass security restrictions.
  3. A remote code execution vulnerability in Visual Studio Code Python Extension can be exploited remotely via a specially crafted file to execute arbitrary code.
Affected products

Visual Studio Code
Microsoft .NET Framework 3.5 AND 4.8
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 4.8
Microsoft .NET Framework 4.6
Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2
Microsoft .NET Framework 3.5 AND 4.7.2
PowerShellGet 2.2.5
Microsoft .NET Framework 2.0 Service Pack 2

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Primary source of detection
CVE-2020-16937
CVE-2020-16886
CVE-2020-16977
Impact
ACE
OSI
SB
Related products
Microsoft .NET Framework
Microsoft Visual Studio
CVE-IDS
CVE-2020-16937  0.0  Unknown
CVE-2020-16886  0.0  Unknown
CVE-2020-16977  0.0  Unknown
KB list

4579980
4578974
4578972
4578971
4579977
4579978
4579979
4578968
4578969
4580328
4579976
4580330
4580327
4580346
4580470
4580468
4580469
4580467