Kaspersky LabKLA20123KLA20123 Multiple vulnerabilities in Microsoft Developer Tools
8.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
4.6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.1%
Detect date:
12/13/2022
Severity:
Critical
Description:
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code.
Exploitation:
Public exploits exist for this vulnerability.
Affected products:
Microsoft .NET Framework 3.5 AND 4.8.1
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.8
.NET 7.0
Windows Sysmon
Microsoft .NET Framework 3.5.1
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft .NET Framework 3.5
Microsoft Visual Studio 2022 version 17.4
.NET 6.0
PowerShell 7.3
Microsoft .NET Framework 4.6.2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 AND 4.8
Microsoft Visual Studio 2022 version 17.2
PowerShell 7.2
Microsoft Visual Studio 2022 version 17.0
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.5 AND 4.7.2
.NET Core 3.1
Microsoft .NET Framework 3.5 AND 4.6/4.6.2
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2022-44704
CVE-2022-41076
CVE-2022-41089
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2022-410768.5Critical
CVE-2022-447047.8Critical
CVE-2022-410897.8Critical
KB list:
5021243
5021953
5020880
5021082
5021094
5021093
5021954
5021085
5021092
5021086
5020873
5021080
5020868
5021088
5021095
5021081
5021079
5021091
5021955
5021089
5021090
5021087
Microsoft official advisories:
References
support.microsoft.com/kb/5020868
support.microsoft.com/kb/5020873
support.microsoft.com/kb/5020880
support.microsoft.com/kb/5021079
support.microsoft.com/kb/5021080
support.microsoft.com/kb/5021081
support.microsoft.com/kb/5021082
support.microsoft.com/kb/5021085
support.microsoft.com/kb/5021086
support.microsoft.com/kb/5021087
support.microsoft.com/kb/5021088
support.microsoft.com/kb/5021089
support.microsoft.com/kb/5021090
support.microsoft.com/kb/5021091
support.microsoft.com/kb/5021092
support.microsoft.com/kb/5021093
support.microsoft.com/kb/5021094
support.microsoft.com/kb/5021095
support.microsoft.com/kb/5021243
support.microsoft.com/kb/5021953
support.microsoft.com/kb/5021954
support.microsoft.com/kb/5021955
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41076
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41089
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44704
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41076
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41089
msrc.microsoft.com/update-guide/vulnerability/CVE-2022-44704
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-.NET-Framework/
threats.kaspersky.com/en/product/Microsoft-Visual-Studio/
threats.kaspersky.com/en/product/Microsoft-Windows/
Related
8.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 High
AI Score
Confidence
High
4.6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:S/C:P/I:P/A:P
0.009 Low
EPSS
Percentile
82.1%