Kaspersky Lab, KLA20123
Dec 13, 2022 - 12:00 a.m.

KLA20123 Multiple vulnerabilities in Microsoft Developer Tools

2022-12-13 00:00:00
Kaspersky Lab
threats.kaspersky.com

CVSS3: 8.5 High

  • Attack Vector: NETWORK
  • Attack Complexity: HIGH
  • Privileges Required: LOW
  • User Interaction: NONE
  • Scope: CHANGED
  • Confidentiality Impact: HIGH
  • Integrity Impact: HIGH
  • Availability Impact: HIGH

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score: 9.3 High (Confidence: High)

EPSS: 0.009 Low (Percentile: 82.5%)

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to gain privileges or execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. An elevation of privilege vulnerability in Microsoft Windows Sysmon can be exploited remotely to gain privileges.
  2. A remote code execution vulnerability in PowerShell can be exploited remotely to execute arbitrary code.
  3. A remote code execution vulnerability in .NET Framework can be exploited remotely to execute arbitrary code.

Original advisories

CVE-2022-44704

CVE-2022-41076

CVE-2022-41089

Exploitation

Public exploits exist for this vulnerability.

Related products

Microsoft-.NET-Framework

Microsoft-Visual-Studio

Microsoft-Windows

CVE list

CVE-2022-41076 critical

CVE-2022-44704 critical

CVE-2022-41089 critical

KB list

5021243

5021953

5020880

5021082

5021094

5021093

5021954

5021085

5021092

5021086

5020873

5021080

5020868

5021088

5021095

5021081

5021079

5021091

5021955

5021089

5021090

5021087

Solution

Install the necessary updates from the KB section that are listed in your Windows Update (Windows Update can usually be accessed from the Control Panel).

Impacts

  • ACE: Arbitrary code execution. Exploitation of vulnerabilities with this impact can allow an attacker to execute any code or commands on the vulnerable machine or process.

  • PE: Privilege escalation. Exploitation of vulnerabilities with this impact can allow an attacker to perform actions that are normally disallowed for the current role.

Affected Products

  • Microsoft .NET Framework 3.5 AND 4.8.1
  • Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2
  • Microsoft .NET Framework 4.8
  • .NET 7.0
  • Windows Sysmon
  • Microsoft .NET Framework 3.5.1
  • Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
  • Microsoft .NET Framework 3.5
  • Microsoft Visual Studio 2022 version 17.4
  • .NET 6.0
  • PowerShell 7.3
  • Microsoft .NET Framework 4.6.2
  • Microsoft .NET Framework 3.0 Service Pack 2
  • Microsoft .NET Framework 3.5 AND 4.8
  • Microsoft Visual Studio 2022 version 17.2
  • PowerShell 7.2
  • Microsoft Visual Studio 2022 version 17.0
  • Microsoft .NET Framework 2.0 Service Pack 2
  • Microsoft .NET Framework 3.5 AND 4.7.2
  • .NET Core 3.1
  • Microsoft .NET Framework 3.5 AND 4.6/4.6.2
