KLA11399Multiple vulnerabilities in Microsoft Developer Tools

2019-01-08T00:00:00
ID KLA11399
Type kaspersky
Reporter Kaspersky Lab
Modified 2020-07-22T00:00:00

Description

Detect date:

01/08/2019

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service.

Affected products:

Microsoft Visual Studio 2012 Update 5
Microsoft Visual Studio 2010 Service Pack 1
ASP.NET Core 2.1
ASP.NET Core 2.2
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 4.7/4.7.1/4.7.2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4.7.1/4.7.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.7.2
.NET Core 2.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2
Microsoft .NET Framework 4.5.2
.NET Core 2.1
Microsoft .NET Framework 4.6
PowerShell Core 6.2
PowerShell Core 6.1
Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2019-0537
CVE-2019-0546
CVE-2019-0548
CVE-2019-0564
CVE-2019-0545

Impacts:

ACE

Related products:

Microsoft .NET Framework

CVE-IDS:

CVE-2019-05370.0Unknown
CVE-2019-05460.0Unknown
CVE-2019-05480.0Unknown
CVE-2019-05640.0Unknown
CVE-2019-05450.0Unknown

KB list:

4480978
4480962
4480966
4480961
4480973
4476698
4476755
4480056
4481480
4481481
4481482
4481483
4481484
4481485
4481486
4481487

Microsoft official advisories: