Kaspersky LabKLA11399KLA11399 Multiple vulnerabilities in Microsoft Developer Tools
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.018 Low
EPSS
Percentile
87.8%
Detect date:
01/08/2019
Severity:
High
Description:
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, cause denial of service.
Affected products:
Microsoft Visual Studio 2012 Update 5
Microsoft Visual Studio 2010 Service Pack 1
ASP.NET Core 2.1
ASP.NET Core 2.2
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 4.7/4.7.1/4.7.2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4.7.1/4.7.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.7.2
.NET Core 2.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2
Microsoft .NET Framework 4.5.2
.NET Core 2.1
Microsoft .NET Framework 4.6
PowerShell Core 6.2
PowerShell Core 6.1
Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2019-0537
CVE-2019-0546
CVE-2019-0548
CVE-2019-0564
CVE-2019-0545
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2019-05374.3Warning
CVE-2019-05469.3Critical
CVE-2019-05485.0Warning
CVE-2019-05645.0Warning
CVE-2019-05455.0Warning
KB list:
4480978
4480962
4480966
4480961
4480973
4476698
4476755
4480056
4481480
4481481
4481482
4481483
4481484
4481485
4481486
4481487
Microsoft official advisories:
References
support.microsoft.com/kb/4476698
support.microsoft.com/kb/4476755
support.microsoft.com/kb/4480056
support.microsoft.com/kb/4480961
support.microsoft.com/kb/4480962
support.microsoft.com/kb/4480966
support.microsoft.com/kb/4480973
support.microsoft.com/kb/4480978
support.microsoft.com/kb/4481480
support.microsoft.com/kb/4481481
support.microsoft.com/kb/4481482
support.microsoft.com/kb/4481483
support.microsoft.com/kb/4481484
support.microsoft.com/kb/4481485
support.microsoft.com/kb/4481486
support.microsoft.com/kb/4481487
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0537
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0545
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0546
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0548
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0564
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0537
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0545
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0546
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0548
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0564
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-.NET-Framework/
threats.kaspersky.com/en/product/Microsoft-Visual-Studio/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.018 Low
EPSS
Percentile
87.8%