Kaspersky LabKLA50317KLA50317 Multiple vulnerabilities in Microsoft Developer Tools
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
Low
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0 Low
EPSS
Percentile
14.0%
Detect date:
06/13/2023
Severity:
Critical
Description:
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code, bypass security restrictions, obtain sensitive information, spoof user interface.
Exploitation:
Public exploits exist for this vulnerability.
Affected products:
NuGet 6.3.2
Microsoft Visual Studio 2013 Update 5
Microsoft Visual Studio 2015 Update 3
Microsoft .NET Framework 3.5 AND 4.8
Microsoft .NET Framework 3.5 AND 4.8.1
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft Visual Studio 2022 version 17.5
NuGet 6.0.4
Microsoft .NET Framework 3.5 and 4.6.2
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
NuGet 6.4.1
Microsoft .NET Framework 4.8
Azure DevOps Server 2020.1.2
.NET 6.0
Microsoft Visual Studio 2022 version 17.0
NuGet 6.2.3
Microsoft .NET Framework 4.6.2
Microsoft Visual Studio 2022 version 17.2
Microsoft .NET Framework 2.0 Service Pack 2
YARP 2.0
Microsoft .NET Framework 3.0 Service Pack 2
Windows Sysinternals Process Monitor
NuGet 6.5.0
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Visual Studio 2022 version 17.6
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 AND 4.7.2
NuGet 6.6.0
Sysinternals Suite
Microsoft Visual Studio 2022 version 17.4
.NET 7.0
Visual Studio Code
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
CVE-2023-29007
CVE-2023-33139
CVE-2023-24936
CVE-2023-27909
CVE-2023-32030
CVE-2023-32032
CVE-2023-25815
CVE-2023-24895
CVE-2023-24897
CVE-2023-33126
CVE-2023-29011
CVE-2023-21565
CVE-2023-29326
CVE-2023-33144
CVE-2023-33135
CVE-2023-27910
CVE-2023-29337
CVE-2023-33141
CVE-2023-29353
CVE-2023-25652
CVE-2023-29331
CVE-2023-27911
CVE-2023-33128
CVE-2023-21569
CVE-2023-29012
Impacts:
ACE
Related products:
CVE-IDS:
CVE-2023-258152.2Warning
CVE-2023-290077.8Critical
CVE-2023-256527.5Critical
CVE-2023-290127.8Critical
CVE-2023-290117.8Critical
CVE-2023-331395.5High
CVE-2023-249367.5Critical
CVE-2023-279097.8Critical
CVE-2023-320307.5Critical
CVE-2023-320326.5High
CVE-2023-248957.8Critical
CVE-2023-248977.8Critical
CVE-2023-331267.3High
CVE-2023-215657.1High
CVE-2023-293267.8Critical
CVE-2023-331446.6High
CVE-2023-331357.3High
CVE-2023-279107.8Critical
CVE-2023-293377.1High
CVE-2023-331417.5Critical
CVE-2023-293535.5High
CVE-2023-293317.5Critical
CVE-2023-279117.8Critical
CVE-2023-331287.3High
CVE-2023-215695.5High
KB list:
5027230
5027219
5026454
5027798
5027533
5027539
5027532
5025792
5027119
5026455
5027797
5027540
5027123
5026610
5027537
5027534
5027544
5027543
5027536
5027531
5027541
5027538
5027542
Microsoft official advisories:
References
support.microsoft.com/kb/5025792
support.microsoft.com/kb/5026454
support.microsoft.com/kb/5026455
support.microsoft.com/kb/5026610
support.microsoft.com/kb/5027119
support.microsoft.com/kb/5027123
support.microsoft.com/kb/5027219
support.microsoft.com/kb/5027230
support.microsoft.com/kb/5027531
support.microsoft.com/kb/5027532
support.microsoft.com/kb/5027533
support.microsoft.com/kb/5027534
support.microsoft.com/kb/5027536
support.microsoft.com/kb/5027537
support.microsoft.com/kb/5027538
support.microsoft.com/kb/5027539
support.microsoft.com/kb/5027540
support.microsoft.com/kb/5027541
support.microsoft.com/kb/5027542
support.microsoft.com/kb/5027543
support.microsoft.com/kb/5027544
support.microsoft.com/kb/5027797
support.microsoft.com/kb/5027798
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21565
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21569
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24895
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24897
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24936
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25652
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25815
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27909
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27910
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27911
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29007
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29011
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29012
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29326
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29331
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29337
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29353
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32030
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32032
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33126
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33128
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33135
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33139
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33141
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-33144
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21565
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21569
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24895
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24897
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24936
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-25652
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-25815
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-27909
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-27910
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-27911
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29007
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29011
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29012
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29326
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29331
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29337
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29353
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32030
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-32032
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33126
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33128
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33135
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33139
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33141
msrc.microsoft.com/update-guide/vulnerability/CVE-2023-33144
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/Microsoft-.NET-Framework/
threats.kaspersky.com/en/product/Microsoft-Azure/
threats.kaspersky.com/en/product/Microsoft-Visual-Studio/
threats.kaspersky.com/en/product/Microsoft-Windows/
Related
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 High
AI Score
Confidence
Low
6 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
0 Low
EPSS
Percentile
14.0%