KLA12110
Multiple vulnerabilities in Microsoft Developer Tools

Обновлено: 10/03/2021
Дата обнаружения
09/03/2021
Уровень угрозы
Critical
Описание

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. A remote code execution vulnerability in Visual Studio Code ESLint Extension can be exploited remotely to execute arbitrary code.
  2. A remote code execution vulnerability in Visual Studio Code can be exploited remotely to execute arbitrary code.
  3. A remote code execution vulnerability in Git for Visual Studio can be exploited remotely to execute arbitrary code.
  4. A remote code execution vulnerability in Quantum Development Kit for Visual Studio Code can be exploited remotely to execute arbitrary code.
  5. A remote code execution vulnerability in Remote Development Extension for Visual Studio Code can be exploited remotely to execute arbitrary code.
  6. A remote code execution vulnerability in Visual Studio Code Java Extension Pack can be exploited remotely to execute arbitrary code.
Пораженные продукты

Visual Studio Code Remote - Containers Extension
Microsoft Quantum Development Kit for Visual Studio Code
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Visual Studio Code - Java Extension Pack
Visual Studio Code
Microsoft Visual Studio 2019 version 16.8 (includes 16.0 - 16.7)
Microsoft Visual Studio Code ESLint extension
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2021-27081
CVE-2021-27060
CVE-2021-21300
CVE-2021-27082
CVE-2021-27083
CVE-2021-27084
Оказываемое влияние
?
ACE 
[?]
Связанные продукты
Microsoft Visual Studio
CVE-IDS
CVE-2021-270819.3Critical
CVE-2021-270606.8High
CVE-2021-213005.1High
CVE-2021-270829.3Critical
CVE-2021-270839.3Critical
CVE-2021-270849.3Critical