Kaspersky LabKLA11956KLA11956 Multiple vulnerabilities in Microsoft Developer Tools
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.015 Low
EPSS
Percentile
86.8%
Detect date:
09/08/2020
Severity:
Critical
Description:
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code, bypass security restrictions.
Affected products:
ASP.NET Core 3.1
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Visual Studio Code
ASP.NET Core 2.1
Microsoft Visual Studio 2013 Update 5
Microsoft Visual Studio 2012 Update 5
Microsoft Visual Studio 2015 Update 3
PowerShell 7.1
PowerShell 7.0
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 â 16.6)
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2020-1130
CVE-2020-1133
CVE-2020-16874
CVE-2020-16881
CVE-2020-1045
CVE-2020-16856
CVE-2020-0951
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2020-11306.6High
CVE-2020-09516.7High
CVE-2020-11335.5High
CVE-2020-168747.8Critical
CVE-2020-168817.8Critical
CVE-2020-10457.5Critical
CVE-2020-168567.8Critical
KB list:
Microsoft official advisories:
References
support.microsoft.com/kb/4571480
support.microsoft.com/kb/4571481
support.microsoft.com/kb/4576950
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0951
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1045
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1130
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1133
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16856
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16874
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16881
msrc.microsoft.com/update-guide/vulnerability/CVE-2020-0951
msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1045
msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1130
msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1133
msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16856
msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16874
msrc.microsoft.com/update-guide/vulnerability/CVE-2020-16881
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-Visual-Studio/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.015 Low
EPSS
Percentile
86.8%