KLA11404 Multiple vulnerabilities in Microsoft Development Tools

Multiple vulnerabilities were found in Microsoft Development Tools. Malicious users can exploit these vulnerabilities to obtain sensitive information, perform cross-site scripting attacks.

Below is a complete list of vulnerabilities:

1. A cross-site-scripting (XSS) vulnerability in Team Foundation Server can be exploited remotely via specially crafted request to perform cross-site scripting attacks;
2. An information disclosure vulnerability in Team Foundation Server can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2019-0646

CVE-2019-0647

Related products

Team-Foundation-Server

CVE list

CVE-2019-0646 warning

CVE-2019-0647 warning

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• OSI

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Team Foundation Server 2018 Updated 1.2Team Foundation Server 2017 Update 3.1Team Foundation Server 2018 Update 3.2