KLA12245 Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, spoof user interface.

Below is a complete list of vulnerabilities:

1. A remote code execution vulnerability in Visual Studio Code can be exploited remotely to execute arbitrary code.
2. An elevation of privilege vulnerability in Visual Studio Code .NET Runtime can be exploited remotely to gain privilege.
3. A spoofing vulnerability in Microsoft Visual Studio can be exploited remotely to spoof user interface.
4. An elevation of privilege vulnerability in Open Enclave SDK can be exploited remotely to gain privilege.

Original advisories

CVE-2021-34529

CVE-2021-34477

CVE-2021-34479

CVE-2021-34528

CVE-2021-33767

Related products

Microsoft-Visual-Studio

CVE list

CVE-2021-34529 unknown

CVE-2021-34477 unknown

CVE-2021-34479 unknown

CVE-2021-34528 unknown

CVE-2021-33767 unknown

KB list

Solution

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)

Impacts

• ACE

Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.

• PE

Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.

• SUI

Spoof user interface. Exploitation of vulnerabilities with this impact can lead to changes in user interface to beguile user into inaccurate behavior.

Affected Products

• Microsoft Visual StudioVisual Studio Code .NET RuntimeVisual Studio CodeOpen Enclave SDK