Kaspersky LabKLA11419KLA11419 Multiple vulnerabilities in Microsoft Developer Tools
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.042 Low
EPSS
Percentile
92.1%
Detect date:
02/12/2019
Severity:
High
Description:
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, spoof user interface, obtain sensitive information, gain privileges.
Affected products:
.NET Core 1.0
.NET Core 2.1
.NET Core 2.2
Java SDK for Azure IoT
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.7.1/4.7.2
Microsoft .NET Framework 4.7.2
Microsoft .NET Framework 4.7/4.7.1/4.7.2
Microsoft Visual Studio 2017
Team Foundation Server 2018 Update 3.2
Visual Studio Code
Windows 10 for 32-bit Systems
Windows Server, version 1803 (Server Core Installation)
PowerShell Core 6.2
Windows 10 for x64-based Systems
Windows Server 2016 (Server Core installation)
Windows 10 Version 1803 for ARM64-based Systems
Windows Server 2016
Windows 10 Version 1709 for x64-based Systems
Windows 10 Version 1709 for ARM64-based Systems
Windows 10 Version 1703 for x64-based Systems
Windows 10 Version 1809 for 32-bit Systems
Windows 10 Version 1809 for ARM64-based Systems
Windows Server 2019 (Server Core installation)
PowerShell Core 6.1
Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
Windows 10 Version 1803 for x64-based Systems
Windows 10 Version 1607 for 32-bit Systems
Windows Server, version 1709 (Server Core Installation)
Windows 10 Version 1809 for x64-based Systems
Windows 10 Version 1607 for x64-based Systems
Windows 10 Version 1803 for 32-bit Systems
Windows 10 Version 1709 for 32-bit Systems
Windows 10 Version 1703 for 32-bit Systems
Windows Server 2019
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2019-0631
CVE-2019-0613
CVE-2019-0657
CVE-2019-0742
CVE-2019-0632
CVE-2019-0741
CVE-2019-0627
CVE-2019-0729
CVE-2019-0728
CVE-2019-0743
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2019-06274.6Warning
CVE-2019-06314.6Warning
CVE-2019-06324.6Warning
CVE-2019-07415.0Warning
CVE-2019-07433.5Warning
CVE-2019-06139.3Critical
CVE-2019-07423.5Warning
CVE-2019-07289.3Critical
CVE-2019-06574.3Warning
CVE-2019-07297.5Critical
KB list:
4487020
4487017
4486996
4487026
4487018
4483452
4483450
4487081
4487079
4487078
4487124
4487121
4487123
4487122
Microsoft official advisories:
References
support.microsoft.com/kb/4483450
support.microsoft.com/kb/4483452
support.microsoft.com/kb/4486996
support.microsoft.com/kb/4487017
support.microsoft.com/kb/4487018
support.microsoft.com/kb/4487020
support.microsoft.com/kb/4487026
support.microsoft.com/kb/4487078
support.microsoft.com/kb/4487079
support.microsoft.com/kb/4487081
support.microsoft.com/kb/4487121
support.microsoft.com/kb/4487122
support.microsoft.com/kb/4487123
support.microsoft.com/kb/4487124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0613
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0627
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0631
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0632
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0657
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0728
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0729
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0741
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0742
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0743
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0613
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0627
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0631
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0632
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0657
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0728
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0729
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0741
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0742
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0743
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-.NET-Framework/
threats.kaspersky.com/en/product/Microsoft-Azure/
threats.kaspersky.com/en/product/Microsoft-Visual-Studio/
threats.kaspersky.com/en/product/Microsoft-Windows-10/
threats.kaspersky.com/en/product/Microsoft-Windows-Server/
threats.kaspersky.com/en/product/Microsoft-Windows/
threats.kaspersky.com/en/product/Team-Foundation-Server/
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.5 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.042 Low
EPSS
Percentile
92.1%