Kaspersky LabKLA65508KLA65508 Multiple vulnerabilities in Microsoft Developer Tools
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
39.1%
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to execute arbitrary code.
Below is a complete list of vulnerabilities:
- A remote code execution vulnerability in Microsoft ODBC Driver for SQL Server can be exploited remotely to execute arbitrary code.
- A remote code execution vulnerability in .NET, .NET Framework, and Visual Studio can be exploited remotely to execute arbitrary code.
Original advisories
Related products
CVE list
CVE-2024-28933 high
CVE-2024-28931 high
CVE-2024-28932 high
CVE-2024-28936 high
CVE-2024-28937 high
CVE-2024-28935 high
CVE-2024-28938 high
CVE-2024-28929 high
CVE-2024-28930 high
CVE-2024-21409 high
CVE-2024-28934 high
KB list
Solution
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Impacts
- ACE
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Affected Products
- Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2Microsoft .NET Framework 3.5 AND 4.8Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft .NET Framework 3.5 AND 4.8.1.NET 7.0Microsoft Visual Studio 2022 version 17.6.NET 6.0Microsoft Visual Studio 2022 version 17.9Microsoft .NET Framework 3.5 AND 4.7.2.NET 8.0Microsoft Visual Studio 2022 version 17.4Microsoft Visual Studio 2022 version 17.8Microsoft .NET Framework 4.8Microsoft .NET Framework 4.6.2
References
support.microsoft.com/kb/5036609
support.microsoft.com/kb/5036620
support.microsoft.com/kb/5036899
support.microsoft.com/kb/5037033
support.microsoft.com/kb/5037034
support.microsoft.com/kb/5037035
support.microsoft.com/kb/5037036
support.microsoft.com/kb/5037037
support.microsoft.com/kb/5037038
support.microsoft.com/kb/5037039
support.microsoft.com/kb/5037040
support.microsoft.com/kb/5037041
support.microsoft.com/kb/5037127
support.microsoft.com/kb/5037128
support.microsoft.com/kb/5037336
support.microsoft.com/kb/5037337
support.microsoft.com/kb/5037338
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21409
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28929
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28930
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28931
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28932
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28933
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28934
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28935
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28936
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28937
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28938
statistics.securelist.com/
threats.kaspersky.com/en/product/.NET/
threats.kaspersky.com/en/product/Microsoft-.NET-Framework/
threats.kaspersky.com/en/product/Microsoft-Visual-Studio/
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
39.1%