CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
45.0%
Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code.
Below is a complete list of vulnerabilities:
CVE-2024-38095 high
CVE-2024-38081 high
CVE-2024-35264 high
CVE-2024-30105 high
CVE-2024-35272 high
Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)
Arbitrary code execution. Exploitation of vulnerabilities with this impact can lead to executing by abuser any code or commands at vulnerable machine or process.
Denial of service. Exploitation of vulnerabilities with this impact can lead to loss of system availability or critical functional fault.
Privilege escalation. Exploitation of vulnerabilities with this impact can lead to performing by abuser actions, which are normally disallowed for current role.
support.microsoft.com/kb/5039885
support.microsoft.com/kb/5039895
support.microsoft.com/kb/5040434
support.microsoft.com/kb/5040438
support.microsoft.com/kb/5040448
support.microsoft.com/kb/5041016
support.microsoft.com/kb/5041017
support.microsoft.com/kb/5041018
support.microsoft.com/kb/5041019
support.microsoft.com/kb/5041020
support.microsoft.com/kb/5041021
support.microsoft.com/kb/5041022
support.microsoft.com/kb/5041023
support.microsoft.com/kb/5041024
support.microsoft.com/kb/5041026
support.microsoft.com/kb/5041027
support.microsoft.com/kb/5041080
support.microsoft.com/kb/5041081
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30105
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35264
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35272
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38081
msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38095
statistics.securelist.com/
threats.kaspersky.com/en/product/.NET/
threats.kaspersky.com/en/product/Microsoft-.NET-Framework/
threats.kaspersky.com/en/product/Microsoft-Visual-Studio/
threats.kaspersky.com/en/product/PowerShell/