Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11288
HistoryJul 10, 2018 - 12:00 a.m.

KLA11288 Multiple vulnerabilities in Microsoft Development Tools

2018-07-1000:00:00
Kaspersky Lab
threats.kaspersky.com
352

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.262 Low

EPSS

Percentile

96.7%

JSON

Detect date:

07/10/2018

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in Microsoft Development Tools. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, bypass security restrictions, gain privileges.

Affected products:

.NET Core 2.0
ASP.NET Core 1.1
ASP.NET Core 1.0
ASP.NET Core 2.0
ASP.NET Web Pages 3.2.3
ASP.NET MVC 5.2
Microsoft Visual Studio 2015 Update 3
Microsoft Visual Studio 2017
Microsoft Visual Studio 2013 Update 5
Microsoft Visual Studio 2010 Service Pack 1
Microsoft Visual Studio 2012 Update 5
Expression Blend 4 Service Pack 3
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4.7.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2
Microsoft .NET Framework 4.7/4.7.1/4.7.2
.NET Framework 4.7.2 Developer Pack
Web Customizations for Active Directory Federation Services
PowerShell Extension for Visual Studio Code
PowerShell Editor Services
.NET Core 1.1
.NET Core 1.0
Expression Blend 3 Service Pack 1
Microsoft Research JavaScript Cryptography Library V1.4
Microsoft .NET Framework 4.7.1/4.7.2
PowerShell Core 6.0
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Expression Blend 2 Service Pack 2
PowerShell Core 6.1
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2018-8232
CVE-2018-8202
CVE-2018-8284
CVE-2018-8171
CVE-2018-8260
CVE-2018-8319
CVE-2018-8326
CVE-2018-8172
CVE-2018-8356
CVE-2018-8327

Impacts:

ACE

Related products:

Microsoft .NET Framework

CVE-IDS:

CVE-2018-83562.1Warning
CVE-2018-83197.5Critical
CVE-2018-83263.5Warning
CVE-2018-82027.2High
CVE-2018-81729.3Critical
CVE-2018-82606.8High
CVE-2018-81715.0Warning
CVE-2018-82324.6Warning
CVE-2018-82849.3Critical

KB list:

4338825
4338814
4338829
4338819
4338826
4345421
4345419
4345455
4345420
4345418
4338420
4338611
4338604
4338415
4338421
4338422
4338416
4338601
4336919
4338613
4338418
4338424
4338419
4338417
4339279
4336986
4338600
4338612
4336999
4338606
4336946
4338602
4338605
4338423
4342193
4338610
4342192
4342191
4346877
4344151
4344146
4343909
4344166
4344177
4344178
4344147
4344148
4343885
4344172
4344144
4343887
4344149
4344175
4344165
4344167
4343892
4344153
4344150
4344152
4344176
4344171
4344173
4344145
4343897

Microsoft official advisories:

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

References

Related

nessus 12
mskb 72
openvas 18
mscve 10
cve 10
symantec 10
osv 6
github 3
nodejs 1
veracode 4
prion 10
redhatcve 1
qualysblog 1
myhack58 1
trendmicroblog 1
talosblog 1
kaspersky 1
thn 1
nessus
nessus
Security Updates for Microsoft Visual Studio Products (July 2018)
2018-07-12 00:00:00
Security Updates for Microsoft .NET Framework (July 2018) (deprecated)
2018-07-10 00:00:00
Security Updates for Microsoft .NET core and ASP.NET (Bypass) (July 2018)
2018-07-13 00:00:00
mskb
mskb
Description of the Security and Quality Rollup updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4338419)
2018-07-10 07:00:00
Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 8.1 and Server 2012 R2 (KB 4338605)
2018-07-10 07:00:00
Description of the Security and Quality Rollup updates for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1, and for .NET Framework 4.6 for Server 2008 (KB 4338420)
2018-07-10 07:00:00
openvas
openvas
Microsoft .NET Framework Multiple Vulnerabilities (KB4338419)
2018-07-11 00:00:00
Microsoft .NET Framework Multiple Vulnerabilities (KB4338420)
2018-07-11 00:00:00
Microsoft .NET Framework Multiple Vulnerabilities (KB4338423)
2018-07-11 00:00:00
mscve
mscve
MSR JavaScript Cryptography Library Security Feature Bypass Vulnerability
2018-07-10 07:00:00
Open Source Customization for Active Directory Federation Services XSS Vulnerability
2018-07-10 07:00:00
Microsoft Macro Assembler Tampering Vulnerability
2018-07-10 07:00:00
cve
cve
CVE-2018-8319
2018-07-11 00:29:00
CVE-2018-8232
2018-07-11 00:29:00
CVE-2018-8326
2018-07-11 00:29:00
symantec
symantec
Microsoft MSR JavaScript Cryptography Library CVE-2018-8319 Remote Security Bypass Vulnerability
2018-07-10 00:00:00
Microsoft Macro Assembler CVE-2018-8232 Security Bypass Vulnerability
2018-07-10 00:00:00
Microsoft .NET Framework CVE-2018-8260 Remote Code Execution Vulnerability
2018-07-10 00:00:00
osv
osv
Sensitive Data Exposure in msrcrypto
2018-09-10 15:19:49
CVE-2018-8326
2018-07-11 00:29:02
CVE-2018-8171
2018-07-11 00:29:00
github
github
Sensitive Data Exposure in msrcrypto
2018-09-10 15:19:49
Security feature bypass vulnerability exists in ASP.NET when the number of incorrect login attempts is not validated
2018-10-16 19:56:50
Improper Certificate Validation in Microsoft .NET Framework components
2022-05-14 03:00:10
nodejs
nodejs
Sensitive Data Exposure
2019-08-12 18:09:27
veracode
veracode
Insecure Cryptography
2019-08-07 05:45:35
Remote Code Execution (RCE)
2018-11-16 06:02:37
Brute Force Attacks
2018-07-11 12:35:15
prion
prion
Security feature bypass
2018-07-11 00:29:00
Cross site scripting
2018-07-11 00:29:00
Code injection
2018-07-11 00:29:00
redhatcve
redhatcve
CVE-2018-8356
2018-07-12 01:19:12
qualysblog
qualysblog
July Patch Tuesday – Critical browser patches, Lazy FP, Exchange, Adobe vulns
2018-07-10 18:30:17
myhack58
myhack58
For ASP. NET resource files. RESX and deserialization vulnerability research-exploit warning-the black bar safety net
2018-08-08 00:00:00
trendmicroblog
trendmicroblog
Zero-Day Coverage Update – Week of July 9, 2018
2018-07-13 14:10:20
talosblog
talosblog
Microsoft Patch Tuesday - July 2018
2018-07-10 10:36:00
kaspersky
kaspersky
KLA11287 Multiple vulnerabilities in Microsoft Office
2018-07-10 00:00:00
thn
thn
Microsoft Releases Patch Updates for 53 Vulnerabilities In Its Software
2018-07-10 18:47:00

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.7 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.262 Low

EPSS

Percentile

96.7%

JSON
Related for KLA11288
nessus12mskb72openvas18mscve10cve10symantec10osv6github3nodejs1veracode4prion10redhatcve1qualysblog1myhack581trendmicroblog1talosblog1kaspersky1thn1