Security Updates for Microsoft Visual Studio Products (July 2020)

high Nessus Plugin ID 138473

Synopsis

The Microsoft Visual Studio Products are affected by multiple vulnerabilities.

Description

The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities :

- A remote code execution vulnerability exists in Visual Studio when the software fails to check the source markup of XML file input. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the process responsible for deserialization of the XML content. (CVE-2020-1147)

- An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior. An attacker who successfully exploited this vulnerability could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.
(CVE-2020-1393)

- An elevation of privilege vulnerability exists in Visual Studio and Visual Studio Code when they load software dependencies. A local attacker who successfully exploited the vulnerability could inject arbitrary code to run in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. To exploit this vulnerability, a local attacker would need to plant malicious content on an affected computer and wait for another user to launch Visual Studio or Visual Studio Code. (CVE-2020-1416)

Solution

Microsoft has released the following security updates to address this issue:
- KB4567703
- Update 15.9.25 for Visual Studio 2017
- Update 16.0.16 for Visual Studio 2019
- Update 16.4.11 for Visual Studio 2019
- Update 16.6.4 for Visual Studio 2019

See Also

http://www.nessus.org/u?6e09a167

Plugin Details

Severity: High

ID: 138473

File Name: smb_nt_ms20_jul_visual_studio.nasl

Version: 1.13

Type: local

Agent: windows

Published: 7/14/2020

Updated: 6/27/2022

Risk Information

VPR

Risk Factor: Critical

Score: 9.2

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

CVSS Score Source: CVE-2020-1416

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.4

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: E:H/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:visual_studio

Required KB Items: SMB/MS_Bulletin_Checks/Possible, installed_sw/Microsoft Visual Studio

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/14/2020

Vulnerability Publication Date: 7/14/2020

CISA Known Exploited Dates: 5/3/2022

Exploitable With

Metasploit (SharePoint DataSet / DataTable Deserialization)

Reference Information

CVE: CVE-2020-1147, CVE-2020-1393, CVE-2020-1416

MSKB: 4567703

MSFT: MS20-4567703

IAVA: 2020-A-0309-S