Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
kasperskyKaspersky LabKLA11897
HistoryDec 11, 2018 - 12:00 a.m.

KLA11897 Multiple vulnerabilities in Microsoft Developer Tools

2018-12-1100:00:00
Kaspersky Lab
threats.kaspersky.com
17

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.6%

JSON

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges, cause denial of service, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Diagnostics Hub Standard Collector Service can be exploited remotely to gain privileges.
  2. A denial of service vulnerability in Microsoft .NET Framework can be exploited remotely via specially crafted requests to cause denial of service.
  3. A remote code execution vulnerability in Microsoft .NET Framework can be exploited remotely to execute arbitrary code.

Original advisories

CVE-2018-8599

CVE-2018-8517

CVE-2018-8540

Related products

Microsoft-.NET-Framework

Microsoft-Visual-Studio

CVE list

CVE-2018-8540 critical

CVE-2018-8517 critical

CVE-2018-8599 critical

KB list

4469516

4470500

4470638

4471329

4471323

4470640

4470498

4471324

4470637

4470601

4470639

4470491

4470641

4470622

4470493

4470600

4471327

4470602

4470492

4470502

4470623

4471321

4470630

4470629

4470499

4470633

4471102

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

  • ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

  • DoS

Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.

  • PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

Affected Products

  • Microsoft .NET Framework 4.6Microsoft .NET Framework 4.6.2Microsoft .NET Framework 3.5Microsoft .NET Framework 3.5.1Microsoft .NET Framework 4.7/4.7.1/4.7.2Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)Microsoft .NET Framework 4.5.2Microsoft .NET Framework 4.7.2Microsoft .NET Framework 3.5 Service Pack 1Microsoft .NET Framework 4.7.1/4.7.2Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2Microsoft Visual Studio 2015 Update 3Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft Visual Studio 2017

References

Related

kaspersky 2
openvas 14
mskb 36
nessus 12
nvd 3
cve 3
mscve 3
symantec 3
prion 3
cvelist 3
thn 1
threatpost 1
talosblog 1
kaspersky
kaspersky
KLA11383 Multiple vulnerabilities in Microsoft Developer Tools
2019-12-11 00:00:00
KLA11385 Multiple vulnerabilities in Microsoft Windows
2018-12-11 00:00:00
openvas
openvas
Microsoft .NET Framework 4.5.2 Multiple Vulnerabilities (KB4470623)
2018-12-12 00:00:00
Microsoft .NET Framework 3.5 Multiple Vulnerabilities (KB4470641)
2018-12-12 00:00:00
Microsoft .NET Framework Multiple Vulnerabilities (KB4470640)
2018-12-12 00:00:00
mskb
mskb
Description of the Security Only update for .NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, and 4.7.2 for Windows 7 SP1 and Server 2008 R2 SP1 and for .NET Framework 4.6 for Windows Server 2008 SP2 (KB 4470500)
2018-12-11 08:00:00
Description of the Security and Quality Rollup for .NET Framework 4.5.2 for Windows 8.1, RT 8.1, and Server 2012 R2 (KB 4470622)
2018-12-11 08:00:00
Description of the Security and Quality Rollup for .NET Framework 4.5.2 for Windows Server 2012 (KB 4470623)
2018-12-11 08:00:00
nessus
nessus
Security Updates for Microsoft .NET Framework (December 2018)
2018-12-13 00:00:00
Security Updates for Microsoft Visual Studio Products (December 2018)
2018-12-13 00:00:00
KB4471329: Windows 10 Version 1709 and Windows Server Version 1709 December 2018 Security Update
2018-12-11 00:00:00
nvd
nvd
CVE-2018-8599
2018-12-12 00:29:00
CVE-2018-8517
2018-12-12 00:29:00
CVE-2018-8540
2018-12-12 00:29:00
cve
cve
CVE-2018-8599
2018-12-12 00:29:00
CVE-2018-8517
2018-12-12 00:29:00
CVE-2018-8540
2018-12-12 00:29:00
mscve
mscve
Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
2018-12-11 08:00:00
.NET Framework Remote Code Execution Injection Vulnerability
2018-12-11 08:00:00
.NET Framework Denial Of Service Vulnerability
2018-12-11 08:00:00
symantec
symantec
Microsoft Windows CVE-2018-8599 Local Privilege Escalation Vulnerability
2018-12-11 00:00:00
Microsoft .NET Framework CVE-2018-8540 Remote Code Execution Vulnerability
2018-12-11 00:00:00
Microsoft .NET Framework CVE-2018-8517 Remote Denial of Service Vulnerability
2018-12-11 00:00:00
prion
prion
Privilege escalation
2018-12-12 00:29:00
Denial of service
2018-12-12 00:29:00
Remote code execution
2018-12-12 00:29:00
cvelist
cvelist
CVE-2018-8599
2018-12-12 00:00:00
CVE-2018-8517
2018-12-12 00:00:00
CVE-2018-8540
2018-12-12 00:00:00
thn
thn
Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack
2018-12-12 08:48:00
threatpost
threatpost
Zero-Day Bug Patched by Microsoft, Part of December Patch TuesdZero-Day Bug Fixed by Microsoft in December Patch Tuesdayay
2018-12-11 22:02:00
talosblog
talosblog
Microsoft Patch Tuesday — December 2018: Vulnerability disclosures and Snort coverage
2018-12-11 10:35:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.1 High

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.6%

JSON
Related for KLA11897
kaspersky2openvas14mskb36nessus12nvd3cve3mscve3symantec3prion3cvelist3thn1threatpost1talosblog1