Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11383
HistoryDec 11, 2019 - 12:00 a.m.

KLA11383 Multiple vulnerabilities in Microsoft Developer Tools

2019-12-1100:00:00
Kaspersky Lab
threats.kaspersky.com
97

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.5%

JSON

Detect date:

12/11/2019

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, gain privileges.

Affected products:

Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 Service Pack 1
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.6.2
Microsoft .NET Framework 4.7.2
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2016 (Server Core installation)
Windows 10 Version 1809 for x64-based Systems
Windows Server 2016
Microsoft Visual Studio 2017
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Microsoft Visual Studio 2015 Update 3
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1709 for x64-based Systems
Microsoft .NET Framework 4.7/4.7.1/4.7.2
Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
Microsoft .NET Framework 4.7.1/4.7.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2018-8517
CVE-2018-8540
CVE-2018-8599

Impacts:

ACE

Related products:

Microsoft .NET Framework

CVE-IDS:

CVE-2018-8517

KB list:

4469516
4470500
4470638
4471329
4471323
4470640
4470498
4471324
4470637
4470601
4470639
4470491
4470641
4470622
4470493
4470600
4471327
4470602
4470492
4470502
4470623
4471321
4470630
4470629
4470499
4470633
4471102

Microsoft official advisories:

References

Related

kaspersky 2
mskb 36
openvas 14
nessus 12
symantec 3
cvelist 3
prion 3
cve 3
mscve 3
thn 1
threatpost 1
talosblog 1
kaspersky
kaspersky
KLA11897 Multiple vulnerabilities in Microsoft Developer Tools
2018-12-11 00:00:00
KLA11385 Multiple vulnerabilities in Microsoft Windows
2018-12-11 00:00:00
mskb
mskb
Description of the Security Only update for .NET Framework 4.5.2 for Windows 8.1 and Server 2012 R2 (KB 4470491)
2018-12-11 08:00:00
Description of the Security Only update for .NET Framework 4.5.2 for Windows 7 SP1, Server 2008 R2 SP1, and Server 2008 SP2 (KB 4470493)
2018-12-11 08:00:00
Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows Server 2012 (KB 4470498)
2018-12-11 08:00:00
openvas
openvas
Microsoft .NET Framework 3.5 Multiple Vulnerabilities (KB4470630)
2018-12-12 00:00:00
Microsoft .NET Framework 4.5.2 Multiple Vulnerabilities (KB4470622)
2018-12-12 00:00:00
Microsoft .NET Framework Multiple Vulnerabilities (KB4470640)
2018-12-12 00:00:00
nessus
nessus
Security Updates for Microsoft .NET Framework (December 2018)
2018-12-13 00:00:00
Security Updates for Microsoft Visual Studio Products (December 2018)
2018-12-13 00:00:00
KB4471329: Windows 10 Version 1709 and Windows Server Version 1709 December 2018 Security Update
2018-12-11 00:00:00
symantec
symantec
Microsoft Windows CVE-2018-8599 Local Privilege Escalation Vulnerability
2018-12-11 00:00:00
Microsoft .NET Framework CVE-2018-8517 Remote Denial of Service Vulnerability
2018-12-11 00:00:00
Microsoft .NET Framework CVE-2018-8540 Remote Code Execution Vulnerability
2018-12-11 00:00:00
cvelist
cvelist
CVE-2018-8599
2018-12-12 00:00:00
CVE-2018-8517
2018-12-12 00:00:00
CVE-2018-8540
2018-12-12 00:00:00
prion
prion
Privilege escalation
2018-12-12 00:29:00
Remote code execution
2018-12-12 00:29:00
Denial of service
2018-12-12 00:29:00
cve
cve
CVE-2018-8599
2018-12-12 00:29:00
CVE-2018-8517
2018-12-12 00:29:00
CVE-2018-8540
2018-12-12 00:29:00
mscve
mscve
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
2018-12-11 08:00:00
.NET Framework Remote Code Execution Injection Vulnerability
2018-12-11 08:00:00
.NET Framework Denial Of Service Vulnerability
2018-12-11 08:00:00
thn
thn
Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack
2018-12-12 08:48:00
threatpost
threatpost
Zero-Day Bug Patched by Microsoft, Part of December Patch TuesdZero-Day Bug Fixed by Microsoft in December Patch Tuesdayay
2018-12-11 22:02:00
talosblog
talosblog
Microsoft Patch Tuesday — December 2018: Vulnerability disclosures and Snort coverage
2018-12-11 10:35:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.01 Low

EPSS

Percentile

83.5%

JSON
Related for KLA11383
kaspersky2mskb36openvas14nessus12symantec3cvelist3prion3cve3mscve3thn1threatpost1talosblog1