logo
DATABASE RESOURCES PRICING ABOUT US

KLA12020 Multiple vulnerabilities in Microsoft Developer Tools

Description

### *Detect date*: 12/08/2020 ### *Severity*: High ### *Description*: Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, bypass security restrictions. ### *Affected products*: Visual Studio Code TS-Lint Extension Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Microsoft Visual Studio 2019 version 16.0 Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3) Team Foundation Server 2017 Update 3.1 Azure DevOps Server 2019 Update 1.1 Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6) Azure DevOps Server 2020 Team Foundation Server 2018 Update 3.2 Team Foundation Server 2015 Update 4.2 C SDK for Azure IoT Team Foundation Server 2018 Update 1.2 Azure DevOps Server 2019.0.1 Microsoft Visual Studio 2019 version 16.8 Visual Studio Code Remote - SSH Extension Visual Studio Code Language Support for Java Extension ### *Solution*: Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel) ### *Original advisories*: [CVE-2020-17135](<https://nvd.nist.gov/vuln/detail/CVE-2020-17135>) [CVE-2020-17156](<https://nvd.nist.gov/vuln/detail/CVE-2020-17156>) [CVE-2020-17148](<https://nvd.nist.gov/vuln/detail/CVE-2020-17148>) [CVE-2020-17159](<https://nvd.nist.gov/vuln/detail/CVE-2020-17159>) [CVE-2020-17145](<https://nvd.nist.gov/vuln/detail/CVE-2020-17145>) [CVE-2020-17002](<https://nvd.nist.gov/vuln/detail/CVE-2020-17002>) [CVE-2020-17150](<https://nvd.nist.gov/vuln/detail/CVE-2020-17150>) ### *Impacts*: ACE ### *Related products*: [Microsoft Visual Studio](<https://threats.kaspersky.com/en/product/Microsoft-Visual-Studio/>) ### *CVE-IDS*: [CVE-2020-17135](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17135>)4.9Warning [CVE-2020-17156](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17156>)6.8High [CVE-2020-17148](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17148>)6.8High [CVE-2020-17159](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17159>)6.8High [CVE-2020-17145](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17145>)4.9Warning [CVE-2020-17002](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17002>)9.4Critical [CVE-2020-17150](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17150>)6.8High ### *Microsoft official advisories*:


Related