KLA12535
Multiple vulnerabilities in Microsoft Developer Tools

Обновлено: 19/05/2022
Дата обнаружения
10/05/2022
Уровень угрозы
High
Описание

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service.

Below is a complete list of vulnerabilities:

  1. A denial of service vulnerability in .NET and Visual Studio can be exploited remotely to None.
  2. A remote code execution vulnerability in Visual Studio Code can be exploited remotely to execute arbitrary code.
  3. A denial of service vulnerability in .NET and Visual Studio can be exploited remotely to cause denial of service.
  4. A remote code execution vulnerability in Visual Studio can be exploited remotely to execute arbitrary code.
  5. A denial of service vulnerability in .NET Framework can be exploited remotely to cause denial of service.
Пораженные продукты

.NET Core 3.1
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
.NET 5.0
Microsoft .NET Framework 3.5 AND 4.7.2
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
.NET 6.0
Microsoft .NET Framework 4.8
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5.1
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
Visual Studio Code
Microsoft .NET Framework 4.6
Microsoft Visual Studio 2022 version 17.0
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5
Microsoft Visual Studio 2022 version 17.1
Microsoft .NET Framework 3.5 AND 4.8

Решение

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Первичный источник обнаружения
CVE-2022-23267
CVE-2022-30129
CVE-2022-29117
CVE-2022-29148
CVE-2022-30130
CVE-2022-29145
Оказываемое влияние
?
ACE 
[?]

DoS 
[?]
Связанные продукты
Microsoft .NET Framework
Microsoft Visual Studio
CVE-IDS
CVE-2022-232675.0Critical
CVE-2022-301295.0Critical
CVE-2022-291175.0Critical
CVE-2022-291485.0Critical
CVE-2022-301305.0Critical
CVE-2022-291455.0Critical
KB list

5013952
5013627
5014326
5013630
5013840
5013870
5013838
5013872
5013628
5013625
5013868
5014329
5013837
5013839
5013871
5013624
5013873
5014330

Microsoft official advisories
Microsoft Security Update Guide
Узнай статистику распространения уязвимостей в твоем регионе