KLA61979
Multiple vulnerabilities in Microsoft Developer Tools

Updated: 15/11/2023
Detection date
14/11/2023
Threat level
High
Description

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, bypass security restrictions, and spoof the user interface.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in .NET, .NET Framework, and Visual Studio can be exploited remotely to gain privileges.
  2. A denial of service vulnerability in Visual Studio can be exploited remotely to cause denial of service.
  3. A security feature bypass vulnerability in ASP.NET Core can be exploited remotely to bypass security restrictions.
  4. A denial of service vulnerability in ASP.NET Core can be exploited remotely to cause denial of service.
  5. A spoofing vulnerability in Visual Studio Code Jupyter Extension can be exploited remotely to spoof the user interface.
  6. A security feature bypass vulnerability in ASP.NET can be exploited remotely to bypass security restrictions.
Affected products

Microsoft Visual Studio 2022 version 17.4
.NET 7.0
ASP.NET Core 8.0
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5.1
Microsoft Visual Studio 2022 version 17.2
Microsoft Visual Studio 2022 version 17.7
ASP.NET Core 7.0
Microsoft .NET Framework 3.5
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
.NET 8.0
ASP.NET Core 6.0
Microsoft .NET Framework 4.6.2
Microsoft .NET Framework 3.5 AND 4.6/4.6.2
Microsoft .NET Framework 3.5 AND 4.7.2
Jupyter Extension for Visual Studio Code
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
.NET 6.0
Microsoft .NET Framework 3.5 AND 4.8.1
Microsoft .NET Framework 4.8
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5 AND 4.8
Microsoft Visual Studio 2022 version 17.6

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Primary detection source
CVE-2023-36049
CVE-2023-36042
CVE-2023-36558
CVE-2023-36038
CVE-2023-36018
CVE-2023-36560
Impact
DoS
SB
PE
SUI
Related products
Microsoft .NET Framework
Microsoft Visual Studio
.NET
CVE-IDS
CVE-2023-36558  6.2  High
CVE-2023-36049  7.6  Critical
CVE-2023-36042  6.2  High
CVE-2023-36038  8.2  Critical
CVE-2023-36018  7.8  Critical
CVE-2023-36560  8.8  Critical
KB list

5032199
5032197
5032343
5032007
5032337
5032186
5032340
5032004
5032338
5032344
5032341
5032342
5032339
5032336
5032883
5032884
5031989
5032185
