KLA11305 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information.

Below is a complete list of vulnerabilities:

1. An elevation of privilege vulnerability in Diagnostic Hub Standard Collector can be exploited remotely via specially crafted application to gain privileges.
2. An information disclosure vulnerability in .NET Framework can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2018-0952

CVE-2018-8360

Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Related products

Microsoft-.NET-Framework

Microsoft-Visual-Studio

Microsoft-Windows

Microsoft-Windows-Server

Microsoft-Windows-10

CVE list

CVE-2018-0952 critical

CVE-2018-8360 critical

KB list

4344151

4344146

4343909

4344166

4344177

4344178

4344147

4344148

4343885

4344172

4344144

4343887

4344149

4344175

4344165

4344167

4343892

4344153

4344150

4344152

4344176

4344171

4344173

4344145

4343897

4469516

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• SB

Security bypass. Exploitation of vulnerabilities with this impact can lead to performing actions restricted by current security settings.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

• Windows 10 Version 1607 for x64-based SystemsWindows 10 Version 1607 for 32-bit SystemsWindows 10 for x64-based SystemsWindows 10 for 32-bit SystemsWindows Server 2016Windows 10 Version 1703 for x64-based SystemsWindows 10 Version 1703 for 32-bit SystemsWindows 10 Version 1709 for 32-bit SystemsWindows 10 Version 1803 for 32-bit SystemsWindows 10 Version 1803 for x64-based SystemsMicrosoft Visual Studio 2015 Update 3Microsoft Visual Studio 2017Microsoft .NET Framework 3.5.1Microsoft .NET Framework 3.5Microsoft .NET Framework 4.5.2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 4.7.2Microsoft .NET Framework 4.6/4.6.1/4.6.2Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 4.7/4.7.1/4.7.2Microsoft .NET Framework 4.7.1/4.7.2Windows 10 Version 1709 for x64-based SystemsWindows Server, version 1803 (Server Core Installation)Windows Server 2016 (Server Core installation)Windows Server, version 1709 (Server Core Installation)Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2