Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA62828
HistoryJun 15, 2023 - 12:00 a.m.

KLA62828 Multiple vulnerabilities in Microsoft Developer Tools

2023-06-1500:00:00
Kaspersky Lab
threats.kaspersky.com
4

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

46.2%

JSON

Detect date:

06/15/2023

Severity:

High

Description:

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges.

Affected products:

Microsoft Visual Studio 2022 version 17.8
Microsoft Visual Studio 2022 version 17.6
Microsoft Visual Studio 2022 version 17.4
Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
Microsoft Visual Studio 2022 version 17.2

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2023-29349
CVE-2023-32028
CVE-2023-32026
CVE-2023-32025
CVE-2023-29356
CVE-2023-32027

Impacts:

ACE

Related products:

Microsoft Visual Studio

CVE-IDS:

CVE-2023-320277.8Critical
CVE-2023-320257.8Critical
CVE-2023-293567.8Critical
CVE-2023-320287.8Critical
CVE-2023-320267.8Critical
CVE-2023-293497.8Critical

Related

kaspersky 1
nessus 3
prion 6
cvelist 6
mscve 6
cve 6
ics 1
kaspersky
kaspersky
KLA50361 Multiple vulnerabilities in Microsoft SQL Server
2023-06-15 00:00:00
nessus
nessus
Security Updates for Microsoft SQL Server ODBC Driver (June 2023)
2023-07-26 00:00:00
Security Updates for Microsoft Visual Studio Products (January 2024)
2024-01-09 00:00:00
Security Updates for Microsoft SQL Server OLE DB Driver (June 2023)
2023-07-26 00:00:00
prion
prion
Remote code execution
2023-06-16 01:15:00
Remote code execution
2023-06-16 01:15:00
Remote code execution
2023-06-16 01:15:00
cvelist
cvelist
CVE-2023-32026 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
2023-06-16 00:44:29
CVE-2023-29356 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
2023-06-16 00:44:27
CVE-2023-32025 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
2023-06-16 00:44:28
mscve
mscve
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
2023-06-15 07:00:00
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
2023-06-15 07:00:00
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
2023-06-15 07:00:00
cve
cve
CVE-2023-29356
2023-06-16 01:15:27
CVE-2023-29349
2023-06-16 01:15:27
CVE-2023-32025
2023-06-16 01:15:27
ics
ics
Siemens Telecontrol Server Basic
2024-04-11 12:00:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

8.3 High

AI Score

Confidence

Low

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

46.2%

JSON
Related for KLA62828
kaspersky1nessus3prion6cvelist6mscve6cve6ics1