Lucene search

K
kasperskyKaspersky LabKLA65276
HistoryMar 22, 2024 - 12:00 a.m.

KLA65276 OSI vulnerability in Microsoft Developer Tools

2024-03-2200:00:00
Kaspersky Lab
threats.kaspersky.com
8
microsoft developer tools
high severity
public exploits
.net framework
necessary updates
cve-2024-29059
osi

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

20.4%

Detect date:

03/22/2024

Severity:

High

Description:

An information disclosure vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to obtain sensitive information.

Exploitation:

Public exploits exist for this vulnerability.

Affected products:

Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 AND 4.8.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 4.8
Microsoft .NET Framework 3.5
Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 3.5 AND 4.6/4.6.2
Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
Microsoft .NET Framework 4.6.2
Microsoft .NET Framework 3.5.1
Microsoft .NET Framework 3.5 AND 4.8
Microsoft .NET Framework 3.5 AND 4.7.2

Solution:

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Original advisories:

CVE-2024-29059

Impacts:

OSI

Related products:

Microsoft .NET Framework

CVE-IDS:

CVE-2024-290597.5Critical

KB list:

5032343
5032007
5032337
5032186
5032340
5032338
5032344
5032341
5032342
5032339
5032336
5031989
5032185
5034119
5034134

Microsoft official advisories:

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

7.1 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

20.4%