Kaspersky LabKLA65276KLA65276 OSI vulnerability in Microsoft Developer Tools
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.1 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
20.4%
Detect date:
03/22/2024
Severity:
High
Description:
An information disclosure vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to obtain sensitive information.
Exploitation:
Public exploits exist for this vulnerability.
Affected products:
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 AND 4.8.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4.8
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5 AND 4.6/4.6.2
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.6.2
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5 AND 4.8
Microsoft .NET Framework 3.5 AND 4.7.2
Solution:
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Original advisories:
Impacts:
OSI
Related products:
CVE-IDS:
CVE-2024-290597.5Critical
KB list:
5032343
5032007
5032337
5032186
5032340
5032338
5032344
5032341
5032342
5032339
5032336
5031989
5032185
5034119
5034134
Microsoft official advisories:
References
support.microsoft.com/kb/5031989
support.microsoft.com/kb/5032007
support.microsoft.com/kb/5032185
support.microsoft.com/kb/5032186
support.microsoft.com/kb/5032336
support.microsoft.com/kb/5032337
support.microsoft.com/kb/5032338
support.microsoft.com/kb/5032339
support.microsoft.com/kb/5032340
support.microsoft.com/kb/5032341
support.microsoft.com/kb/5032342
support.microsoft.com/kb/5032343
support.microsoft.com/kb/5032344
support.microsoft.com/kb/5034119
support.microsoft.com/kb/5034134
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-29059
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059
portal.msrc.microsoft.com/en-us/security-guidance
statistics.securelist.com/vulnerability-scan/month
threats.kaspersky.com/en/product/.NET/
threats.kaspersky.com/en/product/Microsoft-.NET-Framework/
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.1 High
AI Score
Confidence
High
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
20.4%