KLA11383Multiple vulnerabilities in Microsoft Developer Tools

2019-12-11T00:00:00
ID KLA11383
Type kaspersky
Reporter Kaspersky Lab
Modified 2020-07-22T00:00:00

Description

Detect date:

12/11/2019

Severity:

Critical

Description:

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, gain privileges.

Affected products:

Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 Service Pack 1
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.6.2
Microsoft .NET Framework 4.7.2
Windows 10 Version 1607 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2016 (Server Core installation)
Windows 10 Version 1809 for x64-based Systems
Windows Server 2016
Microsoft Visual Studio 2017
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1709 for 32-bit Systems
Windows Server 2019 (Server Core installation)
Windows 10 Version 1803 for ARM64-based Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1703 for 32-bit Systems
Microsoft Visual Studio 2015 Update 3
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1709 for x64-based Systems
Microsoft .NET Framework 4.7/4.7.1/4.7.2
Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
Microsoft .NET Framework 4.7.1/4.7.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2018-8517
CVE-2018-8540
CVE-2018-8599

Impacts:

ACE

Related products:

Microsoft .NET Framework

CVE-IDS:

CVE-2018-85400.0Unknown
CVE-2018-85170.0Unknown
CVE-2018-85990.0Unknown

KB list:

4469516
4470500
4470638
4471329
4471323
4470640
4470498
4471324
4470637
4470601
4470639
4470491
4470641
4470622
4470493
4470600
4471327
4470602
4470492
4470502
4470623
4471321
4470630
4470629
4470499
4470633
4471102

Microsoft official advisories: