KLA12020
Multiple vulnerabilities in Microsoft Developer Tools

Updated: 16/12/2020
Detection date
08/12/2020
Threat level
High
Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof the user interface, execute arbitrary code, and bypass security restrictions.

Below is a complete list of vulnerabilities:

  1. A spoofing vulnerability in Azure DevOps Server can be exploited remotely to spoof the user interface.
  2. A remote code execution vulnerability in Visual Studio can be exploited remotely to execute arbitrary code.
  3. A remote code execution vulnerability in Visual Studio Code Remote Development Extension can be exploited remotely to execute arbitrary code.
  4. A remote code execution vulnerability in Visual Studio Code Java Extension Pack can be exploited remotely to execute arbitrary code.
  5. A spoofing vulnerability in Azure DevOps Server and Team Foundation Services can be exploited remotely to spoof the user interface.
  6. A security feature bypass vulnerability in Azure SDK for C can be exploited remotely to bypass security restrictions.
  7. A remote code execution vulnerability in Visual Studio Code can be exploited remotely to execute arbitrary code.
Affected products

Visual Studio Code TS-Lint Extension
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Team Foundation Server 2017 Update 3.1
Azure DevOps Server 2019 Update 1.1
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)
Azure DevOps Server 2020
Team Foundation Server 2018 Update 3.2
Team Foundation Server 2015 Update 4.2
C SDK for Azure IoT
Team Foundation Server 2018 Update 1.2
Azure DevOps Server 2019.0.1
Microsoft Visual Studio 2019 version 16.8
Visual Studio Code Remote - SSH Extension
Visual Studio Code Language Support for Java Extension

Solution

Install the necessary updates from the KB section that are listed in Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories
CVE-2020-17135
CVE-2020-17156
CVE-2020-17148
CVE-2020-17159
CVE-2020-17145
CVE-2020-17002
CVE-2020-17150
Impact
ACE
SB
SUI
Related products
Microsoft Visual Studio
Team Foundation Server
Microsoft Azure
CVE-IDS