The vulnerability of the Diagnostics Hub Standard Collector and Visual Studio Standard Collector components of the Microsoft Visual Studio software for developing applications, as well as Windows operating systems, allows a perpetrator to create files in arbitrary directories.

🗓️ 25 Mar 2020 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Vulnerability in Diagnostics Hub and Visual Studio collectors on Windows enables arbitrary file creation via insecure privilege management.

Reporter	Title	Published	Views	Family All 27
CNVD	Microsoft Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability	20 Mar 202000:00	–	cnvd
CVE	CVE-2020-0810	12 Mar 202015:48	–	cve
Cvelist	CVE-2020-0810	12 Mar 202015:48	–	cvelist
EUVD	EUVD-2020-2297	7 Oct 202500:30	–	euvd
Microsoft KB	Description of the security update for the elevation of privilege vulnerability in Microsoft Visual Studio 2015 Update 3: March 10, 2020	10 Mar 202007:00	–	mskb
Microsoft KB	March 10, 2020—KB4538461 (OS Build 17763.1098)	10 Mar 202007:00	–	mskb
Microsoft KB	March 10, 2020—KB4540693 (OS Build 10240.18519)	10 Mar 202007:00	–	mskb
Kaspersky	KLA11682 Multiple vulnerabilities in Microsoft Developer Tools	10 Mar 202000:00	–	kaspersky
Kaspersky	KLA11689 Multiple vulnerabilities in Microsoft Windows	10 Mar 202000:00	–	kaspersky
Microsoft CVE	Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability	10 Mar 202007:00	–	mscve

Vulners

Node

microsoft microsoft_visual_studio_2017Match15.9

OR

microsoft microsoft_visual_studio_2019Match16.0

OR

microsoft microsoft_visual_studio_2019Match16.4

Source	Link
portal	www.portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0810
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-0810
nvd	www.nvd.nist.gov/vuln/detail

25 Mar 2020 00:00Current

7.3High risk

Vulners AI Score7.3

CVSS 27.2

CVSS 37.8

EPSS0.0098

Diagnostics Hub Visual Studio Windows Arbitrary file creation Insecure privilege management