Kaspersky LabKLA11971KLA11971 Multiple vulnerabilities in Microsoft Developer Tools
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
79.4%
Detect date:
10/13/2020
Severity:
High
Description:
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, execute arbitrary code.
Affected products:
Visual Studio Code
Microsoft .NET Framework 3.5 AND 4.8
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2
Microsoft .NET Framework 4.5.2
Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5
Microsoft .NET Framework 4.8
Microsoft .NET Framework 4.6
Microsoft .NET Framework 3.5 AND 4.6/4.6.1/4.6.2
Microsoft .NET Framework 3.5 AND 4.7.2
PowerShellGet 2.2.5
Microsoft .NET Framework 2.0 Service Pack 2
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2020-16937
CVE-2020-16886
CVE-2020-16977
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2020-169374.7Warning
CVE-2020-168865.3High
CVE-2020-169777.0High
KB list:
4579980
4578974
4578972
4578971
4579977
4579978
4579979
4578968
4578969
4580328
4579976
4580330
4580327
4580346
4580470
4580468
4580469
4580467
4578961
4578963
Microsoft official advisories:
References
support.microsoft.com/kb/4578961
support.microsoft.com/kb/4578963
support.microsoft.com/kb/4578968
support.microsoft.com/kb/4578969
support.microsoft.com/kb/4578971
support.microsoft.com/kb/4578972
support.microsoft.com/kb/4578974
support.microsoft.com/kb/4579976
support.microsoft.com/kb/4579977
support.microsoft.com/kb/4579978
support.microsoft.com/kb/4579979
support.microsoft.com/kb/4579980
support.microsoft.com/kb/4580327
support.microsoft.com/kb/4580328
support.microsoft.com/kb/4580330
support.microsoft.com/kb/4580346
support.microsoft.com/kb/4580467
support.microsoft.com/kb/4580468
support.microsoft.com/kb/4580469
support.microsoft.com/kb/4580470
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16886
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16937
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16977
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16886
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16937
portal.msrc.microsoft.com/api/security-guidance/en-US/CVE/CVE-2020-16977
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-.NET-Framework/
threats.kaspersky.com/en/product/Microsoft-Visual-Studio/
Related
7 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.6 High
AI Score
Confidence
High
9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.007 Low
EPSS
Percentile
79.4%