Kaspersky LabKLA11459KLA11459 Multiple vulnerabilities in Microsoft Developer Tools
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
55.6%
Microsoft official advisories:
Detect date:
04/09/2019
Severity:
High
Description:
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, obtain sensitive information, cause denial of service, gain privileges.
Affected products:
Open Enclave SDK
Azure DevOps Server 2019
ASP.NET Core 2.2
Team Foundation Server 2018 Update 3.2
Team Foundation Server 2018 Update 1.2
Team Foundation Server 2017 Update 3.1
Team Foundation Server 2015 Update 4.2
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2019-0870
CVE-2019-0874
CVE-2019-0869
CVE-2019-0876
CVE-2019-0867
CVE-2019-0866
CVE-2019-0815
CVE-2019-0871
CVE-2019-0875
CVE-2019-0857
CVE-2019-0868
Impacts:
OSI
Related products:
CVE-IDS:
CVE-2019-08684.3Warning
CVE-2019-08762.1Warning
CVE-2019-08704.3Warning
CVE-2019-08744.3Warning
CVE-2019-08694.3Warning
CVE-2019-08674.3Warning
CVE-2019-08755.0Warning
CVE-2019-08664.3Warning
CVE-2019-08155.0Warning
CVE-2019-08574.3Warning
CVE-2019-08714.3Warning
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0815
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0857
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0866
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0867
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0868
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0869
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0870
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0871
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0874
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0875
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0876
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0815
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0857
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0866
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0867
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0868
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0869
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0870
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0871
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0874
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0875
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2019-0876
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-Azure/
threats.kaspersky.com/en/product/Team-Foundation-Server/
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.002 Low
EPSS
Percentile
55.6%