Kaspersky LabKLA12020KLA12020 Multiple vulnerabilities in Microsoft Developer Tools
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
9.4 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:C/A:N
0.012 Low
EPSS
Percentile
84.8%
Detect date:
12/08/2020
Severity:
High
Description:
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code, bypass security restrictions.
Affected products:
Visual Studio Code TS-Lint Extension
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Team Foundation Server 2017 Update 3.1
Azure DevOps Server 2019 Update 1.1
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)
Azure DevOps Server 2020
Team Foundation Server 2018 Update 3.2
Team Foundation Server 2015 Update 4.2
C SDK for Azure IoT
Team Foundation Server 2018 Update 1.2
Azure DevOps Server 2019.0.1
Microsoft Visual Studio 2019 version 16.8
Visual Studio Code Remote - SSH Extension
Visual Studio Code Language Support for Java Extension
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2020-17135
CVE-2020-17156
CVE-2020-17148
CVE-2020-17159
CVE-2020-17145
CVE-2020-17002
CVE-2020-17150
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2020-171356.4High
CVE-2020-171567.8Critical
CVE-2020-171487.8Critical
CVE-2020-171597.8Critical
CVE-2020-171455.4High
CVE-2020-170027.4High
CVE-2020-171507.8Critical
Microsoft official advisories:
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17002
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17135
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17145
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17148
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17150
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17156
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17159
nvd.nist.gov/vuln/detail/CVE-2020-17002
nvd.nist.gov/vuln/detail/CVE-2020-17135
nvd.nist.gov/vuln/detail/CVE-2020-17145
nvd.nist.gov/vuln/detail/CVE-2020-17148
nvd.nist.gov/vuln/detail/CVE-2020-17150
nvd.nist.gov/vuln/detail/CVE-2020-17156
nvd.nist.gov/vuln/detail/CVE-2020-17159
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-Azure/
threats.kaspersky.com/en/product/Microsoft-Visual-Studio/
threats.kaspersky.com/en/product/Team-Foundation-Server/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
7.9 High
AI Score
Confidence
High
9.4 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:C/A:N
0.012 Low
EPSS
Percentile
84.8%