Lucene search

Kaspersky LabKLA11575

HistoryOct 08, 2019 - 12:00 a.m.

KLA11575 Multiple vulnerabilities in Microsoft Developer Tools

2019-10-0800:00:00

Kaspersky Lab

threats.kaspersky.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

10 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

8.1 High

AI Score

Confidence

High

0.111 Low

EPSS

Percentile

95.2%

JSON

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, obtain sensitive information.

Below is a complete list of vulnerabilities:

A remote code execution vulnerability in Azure Stack can be exploited remotely to execute arbitrary code.
An information disclosure vulnerability in Open Enclave SDK can be exploited remotely to obtain sensitive information.

Original advisories

CVE-2019-1372

CVE-2019-1369

Related products

Microsoft-Windows

Microsoft-Azure

CVE list

CVE-2019-1372 critical

CVE-2019-1369 warning

KB list

4524964

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

Obtain sensitive information. Exploitation of vulnerabilities with this impact can lead to capturing by abuser information, critical for user or system.