As BSI is presently reporting, an IT safety alert, concerning a vulnerability in Microsoft Developer Tools, has obtained an replace. You can examine which merchandise are affected by safety holes right here at information.de.
Federal workplace for Security in Information Technology (BSI) reported a safety advisory for Microsoft Developer Tools on May 14, 2024. Several vulnerabilities have been present in using this software program that make it potential to assault. The safety vulnerability impacts Linux and Windows working techniques and the merchandise Microsoft Visual Studio 2022, Red Hat Enterprise Linux, Ubuntu Linux, Oracle Linux, Microsoft .NET Framework, Microsoft Visual Studio 2017 and Microsoft Visual Studio 2019. This remaining warning. issued on May twenty third .2024 up to date.
The newest producer suggestions for updates, workarounds and safety patches for this vulnerability will be discovered right here: Red Hat Security Advisory RHSA-2024:3345 (From 23 May 2024). Some helpful hyperlinks are listed later on this article.
Multiple vulnerabilities have been reported in Microsoft developer instruments – Risk: High
Risk stage: 4 (excessive)
CVSS Base Score: 9.0
CVSS provisional rating: 7,8
Remote management: Ja
The Common Vulnerability Scoring System (CVSS) is used to evaluate the severity of vulnerabilities in pc techniques. The CVSS normal makes it potential to match potential or precise safety dangers primarily based on varied standards as a way to prioritize countermeasures. The attributes “none”, “low”, “medium”, “excessive” and “extreme” are used to find out the severity ranges of vulnerability. The Base Score evaluates the necessities of an assault (together with authentication, complexity, privileges, person interplay) and its outcomes. Temporal scores additionally bear in mind modifications over time within the threat scenario. According to CVSS, the present vulnerability risk is rated as “excessive” on the idea of 9.0 factors.
Microsoft Developer Tools Bug: Description of the assault
Microsoft Visual Studio is an built-in improvement atmosphere for high-level languages. The Microsoft .NET Framework is a element of the Microsoft Windows working system that allows the creation and implementation of software program applications and internet providers. It contains each a runtime atmosphere and a framework of sophistication libraries (APIs), together with the ASP programming language (ASP.NET), information entry (ADO.NET), good shopper purposes (Windows Forms), and extra.
A distant, unknown attacker may exploit a number of vulnerabilities in Microsoft Visual Studio and the Microsoft .NET Framework to execute arbitrary code or trigger a denial of service.
Vulnerabilities are recognized by CVE (Common Vulnerabilities and Exposures) serial numbers. CVE-2024-30045, CVE-2024-30046, CVE-2024-32002 and CVE-2024-32004 on the market.
Systems affected by the safety hole at a look
Operating techniques
Linux, Windows
Products
Microsoft Visual Studio 2022 17.4 (cpe:/a:microsoft:visual_studio_2022)
Microsoft Visual Studio 2022 17.6 (cpe:/a:microsoft:visual_studio_2022)
Microsoft Visual Studio 2022 17.8 (cpe:/a:microsoft:visual_studio_2022)
Red Hat Enterprise Linux (cpe:/o:redhat:enterprise_linux)
Ubuntu Linux (cpe:/o:canonical:ubuntu_linux)
Oracle Linux (cpe:/o:oracle:linux)
Microsoft .NET Framework 7.0 (cpe:/a:microsoft:.net_framework)
Microsoft .NET Framework 8.0 (cpe:/a:microsoft:.net_framework)
Microsoft Visual Studio 2022 17.9 (cpe:/a:microsoft:visual_studio_2022)
Microsoft Visual Studio 2017 15.0-15.9 (cpe:/a:microsoft:visual_studio_2017)
Microsoft Visual Studio 2019 16.0-16.11 (cpe:/a:microsoft:visual_studio_2019)
Common steps to handle IT safety gaps
- Users of affected techniques ought to keep up-to-date. When safety holes are recognized, producers are required to repair them rapidly by growing a patch or workaround. If safety patches can be found, set up them instantly.
- For info, see the sources listed within the subsequent part. This usually comprises further details about the most recent model of the software program in query and the supply of safety patches or efficiency ideas.
- If you could have any additional questions or uncertainties, please contact your accountable administrator. IT safety managers ought to usually test the required sources to see if a brand new safety replace is on the market.
Manufacturer details about updates, patches and workarounds
Here you’ll discover some hyperlinks with details about bug experiences, safety fixes and workarounds.
Red Hat Security Advisory RHSA-2024:3345 vom 2024-05-23 (23.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:3340 vom 2024-05-23 (23.05.2024)
For extra info, see:
Ubuntu Security Notice USN-6773-1 vom 2024-05-16 (16.05.2024)
For extra info, see:
Oracle Linux Security Advisory ELSA-2024-2842 vom 2024-05-16 (15.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2842 vom 2024-05-14 (14.05.2024)
For extra info, see:
Red Hat Security Advisory RHSA-2024:2843 vom 2024-05-14 (14.05.2024)
For extra info, see:
Fedora Security Advisory FEDORA-2024-ECBA8476E2 vom 2024-05-15 (14.05.2024)
For extra info, see:
Microsoft Security Update Guide for 2024-05-14 (14.05.2024)
For extra info, see:
Version historical past of this safety alert
This is model 4 of this IT safety discover for Microsoft developer instruments. If additional updates are introduced, this doc shall be up to date. You can see the modifications made utilizing the model historical past beneath.
May 14, 2024 – First model
May 15, 2024 – New Oracle Linux updates added
May 16, 2024 – Added new persona updates
05/23/2024 – New updates from Red Hat have been added
+++ Editorial word: This doc is predicated on present BSI information and shall be up to date in a data-driven method relying on the standing of the alert. We welcome suggestions and feedback at [email protected]. +++
observe News.de you’re right here Facebook, Twitter, Pinterest once more YouTube? Here you’ll discover scorching information, present movies and a direct line to the editorial group.
kns/roj/information.de