KLA48843 Multiple vulnerabilities in Microsoft Developer Tools

Detect date:

04/11/2023

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information, gain privileges, spoof user interface.

Exploitation:

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Affected products:

Microsoft Visual Studio 2022 version 17.5
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
.NET 6.0
.NET 7.0
Microsoft Visual Studio 2022 version 17.2
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Visual Studio Code
Microsoft Visual Studio 2022 version 17.0

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2023-28296
CVE-2023-28263
CVE-2023-24893
CVE-2023-28262
CVE-2023-28299
CVE-2023-28260

Impacts:

ACE

Related products:

Microsoft Visual Studio

CVE-IDS:

CVE-2023-282607.8Critical
CVE-2023-282967.8Critical
CVE-2023-282635.5High
CVE-2023-248937.8Critical
CVE-2023-282627.8Critical
CVE-2023-282995.5High

KB list:

5025916
5025915

Microsoft official advisories: