Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA12605
HistoryAug 09, 2022 - 12:00 a.m.

KLA12605 Multiple vulnerabilities in Microsoft Developer Tools

2022-08-0900:00:00
Kaspersky Lab
threats.kaspersky.com
18

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.3%

JSON

Detect date:

08/09/2022

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code.

Affected products:

Microsoft Visual Studio 2022 version 17.2
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2012 Update 5
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Visual Studio 2013 Update 5
.NET 6.0
.NET Core 3.1
Microsoft Visual Studio 2015 Update 3
Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
Microsoft Visual Studio 2022 version 17.0

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2022-34716
CVE-2022-35826
CVE-2022-35777
CVE-2022-35827
CVE-2022-35825

Impacts:

ACE

Related products:

Microsoft Visual Studio

CVE-IDS:

CVE-2022-347165.9High
CVE-2022-358268.8Critical
CVE-2022-357778.8Critical
CVE-2022-358278.8Critical
CVE-2022-358258.8Critical

KB list:

5016316
5016315
5016987
5016990
5016314

Microsoft official advisories:

References

Related

mskb 5
nessus 15
prion 5
mscve 5
cve 5
cnvd 1
zdi 8
oraclelinux 3
redhat 5
osv 10
alpinelinux 1
almalinux 3
redos 1
redhatcve 1
openvas 1
ibm 2
github 1
cbl_mariner 1
rocky 2
veracode 1
altlinux 4
avleonov 1
photon 1
rapid7blog 1
mskb
mskb
Description of the security update for the remote code execution vulnerability in Microsoft Visual Studio 2015 Update 3: August 9, 2022 (KB5016316)
2022-08-09 07:00:00
Description of the security update for the remote code execution vulnerability in Microsoft Visual Studio 2012 Update 5: August 9, 2022 (KB5016314)
2022-08-09 07:00:00
Description of the security update for the remote code execution vulnerability in Microsoft Visual Studio 2013 Update 5: August 9, 2022 (KB5016315)
2022-08-09 07:00:00
nessus
nessus
Security Updates for Microsoft Visual Studio Products (August 2022)
2022-08-12 00:00:00
AlmaLinux 8 : .NET 6.0 (6058) (ALSA-2022:6058)
2022-08-18 00:00:00
Security Updates for Microsoft .NET Core (August 2022)
2022-08-10 00:00:00
prion
prion
Remote code execution
2022-08-09 20:15:00
Remote code execution
2022-08-09 20:15:00
Spoofing
2022-08-09 20:15:00
mscve
mscve
Visual Studio Remote Code Execution Vulnerability
2022-08-09 07:00:00
Visual Studio Remote Code Execution Vulnerability
2022-08-09 07:00:00
.NET Spoofing Vulnerability
2022-08-09 07:00:00
cve
cve
CVE-2022-35777
2022-08-09 20:15:00
CVE-2022-35826
2022-08-09 20:15:00
CVE-2022-34716
2022-08-09 20:15:00
cnvd
cnvd
Microsoft Visual Studio Remote Code Execution Vulnerability (CNVD-2022-67839)
2022-08-12 00:00:00
zdi
zdi
Microsoft Visual Studio FBX File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
2023-09-27 00:00:00
Microsoft Visual Studio DAE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
2023-09-27 00:00:00
Microsoft Visual Studio FBX File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
2023-09-27 00:00:00
oraclelinux
oraclelinux
.NET Core 3.1 security, bug fix, and enhancement update
2022-08-15 00:00:00
.NET 6.0 security, bug fix, and enhancement update
2022-08-15 00:00:00
.NET 6.0 security, bug fix, and enhancement update
2022-08-10 00:00:00
redhat
redhat
(RHSA-2022:6038) Moderate: .NET 6.0 security, bug fix, and enhancement update
2022-08-10 09:31:11
(RHSA-2022:6058) Moderate: .NET 6.0 security, bug fix, and enhancement update
2022-08-15 07:40:49
(RHSA-2022:6043) Moderate: .NET 6.0 security, bug fix, and enhancement update
2022-08-10 12:12:56
osv
osv
.NET Information Disclosure Vulnerability
2022-08-10 00:00:18
.NET Information Disclosure Vulnerability
2024-02-03 00:47:54
Moderate: .NET Core 3.1 security, bug fix, and enhancement update
2022-08-15 00:00:00
alpinelinux
alpinelinux
CVE-2022-34716
2022-08-09 20:15:00
almalinux
almalinux
Moderate: .NET 6.0 security, bug fix, and enhancement update
2022-08-15 00:00:00
Moderate: .NET 6.0 security, bug fix, and enhancement update
2022-08-10 00:00:00
Moderate: .NET Core 3.1 security, bug fix, and enhancement update
2022-08-15 00:00:00
redos
redos
ROS-20240226-02
2024-02-26 00:00:00
redhatcve
redhatcve
CVE-2022-34716
2022-08-09 17:25:00
openvas
openvas
.NET Core Information Disclosure Vulnerabilities - Windows
2022-08-10 00:00:00
ibm
ibm
Security Bulletin: IBM Robotic Process Automation may be vulnerable to spoofing attacks due to System.Security.Cryptography.Xml (CVE-2022-34716))
2022-09-29 14:43:28
Security Bulletin: A vulnerability in Microsoft .NET may affect IBM Robotic Process Automation allowing an attacker to conduct spoofing attacks (CVE-2022-34716)
2023-09-11 16:03:30
github
github
.NET Information Disclosure Vulnerability
2024-02-03 00:47:54
cbl_mariner
cbl_mariner
CVE-2022-34716 affecting package powershell 7.2.2-1
2022-10-04 07:51:34
rocky
rocky
.NET 6.0 security, bug fix, and enhancement update
2022-08-15 07:40:49
.NET Core 3.1 security, bug fix, and enhancement update
2022-08-15 07:23:44
veracode
veracode
Information Disclosure
2022-08-12 07:49:39
altlinux
altlinux
Security fix for the ALT Linux 10 package dotnet-bootstrap-6.0 version 6.0.12-alt1
2023-02-20 00:00:00
Security fix for the ALT Linux 10 package dotnet-coreclr-3.1 version 3.1.32-alt1
2023-03-18 00:00:00
Security fix for the ALT Linux 10 package dotnet-runtime-7.0 version 6.0.12-alt1
2022-12-27 00:00:00
avleonov
avleonov
Microsoft Patch Tuesday August 2022: DogWalk, Exchange EOPs, 13 potentially dangerous, 2 funny, 3 mysterious vulnerabilities
2022-08-23 00:00:26
photon
photon
Important Photon OS Security Update - PHSA-2022-4.0-0279
2022-11-10 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - August 2022
2022-08-09 19:34:51

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.2 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.3%

JSON
Related for KLA12605
mskb5nessus15prion5mscve5cve5cnvd1zdi8oraclelinux3redhat5osv10alpinelinux1almalinux3redos1redhatcve1openvas1ibm2github1cbl_mariner1rocky2veracode1altlinux4avleonov1photon1rapid7blog1