Security Update for Visual Studio 2019 (April 2022) (macOS)

high Nessus Plugin ID 159887

Synopsis

The remote host has an application installed that is missing a security update.

Description

The Microsoft Visual Studio Products installed on the remote macOS or Mac OS X host is missing a security update. It is, therefore, affected by multiple vulnerabilities including the following:

- An elevation of privilege vulnerability. An attacker can exploit this to gain elevated privileges. (CVE-2022-24513)

- A buffer overflow vulnerability. An attacker can exploit this to trigger crash in the system. (CVE-2020-8927)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version

Solution

Microsoft has released the following security updates to address this issue:
- Update 8.10.22.11 for Visual Studio 2019
- Update 17.0.0.8567 for Visual Studio 2022

See Also

http://www.nessus.org/u?42c6b349

http://www.nessus.org/u?3cbcc207

Plugin Details

Severity: High

ID: 159887

File Name: macos_ms22_apr_visual_studio.nasl

Version: 1.4

Type: local

Agent: macosx

Published: 4/19/2022

Updated: 11/1/2023

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 6.4

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS Score Source: CVE-2020-8927

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7.2

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2022-24513

Vulnerability Information

CPE: cpe:/a:microsoft:visual_studio

Required KB Items: installed_sw/Visual Studio, Host/local_checks_enabled, Host/MacOSX/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/12/2022

Vulnerability Publication Date: 4/12/2022

Reference Information

CVE: CVE-2020-8927, CVE-2022-24513