Kaspersky Lab, KLA11315
Sep 11, 2018 - 12:00 a.m.

KLA11315 Multiple vulnerabilities in Microsoft Developer Tools

2018-09-11 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.9 High (Confidence: High)

CVSS2: 10 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.477 Medium (Percentile: 97.4%)

Detect date:

09/11/2018

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, or spoof the user interface.

Affected products:

Microsoft.Data.OData
.NET Core 2.1
ASP.NET Core 2.1
System.IO.Pipelines
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.7.2
Microsoft .NET Framework 4.7.1/4.7.2
ASP.NET Core 2.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.7/4.7.1/4.7.2
C SDK for Azure IoT

Solution:

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Original advisories:

CVE-2018-8409
CVE-2018-8269
CVE-2018-8421
CVE-2018-8479

Impacts:

ACE

Related products:

Microsoft .NET Framework

CVE-IDS:

CVE-2018-8269 5.0 Warning
CVE-2018-8479 6.8 High
CVE-2018-8409 5.0 Warning

KB list:

4457128
4457056
4457028
4457131
4457132
4457025
4457054
4457044
4457034
4457037
4457027
4457045
4457029
4457142
4457030
4457043
4457055
4457035
4457138
4457036
4457042
4457033
4457026
4457053
4457038

Microsoft official advisories:

Exploitation:

Public exploits exist for this vulnerability.
