Security Updates for Microsoft Visual Studio Products (November 2020)

medium Nessus Plugin ID 142694

Synopsis

The Microsoft Visual Studio Products are affected by a tampering vulnerability.

Description

The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by a tampering vulnerability. The vulnerability exists when the Python Tools for Visual Studio creates the python27 folder. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

Solution

Update the Visual Studio installation to one of the following versions, or later:
- VS 2017 15.9.29
- VS 2019 16.0.20
- VS 2019 16.4.15
- VS 2019 16.8.0

See Also

http://www.nessus.org/u?e7ba563f

http://www.nessus.org/u?a8a4791b

http://www.nessus.org/u?1d93e731

http://www.nessus.org/u?6acccbd8

Plugin Details

Severity: Medium

ID: 142694

File Name: smb_nt_ms20_nov_visual_studio.nasl

Version: 1.6

Type: local

Agent: windows

Published: 11/10/2020

Updated: 6/27/2022

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2020-17100

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:visual_studio

Required KB Items: SMB/MS_Bulletin_Checks/Possible, installed_sw/Microsoft Visual Studio

Exploit Ease: No known exploits are available

Patch Publication Date: 11/10/2020

Vulnerability Publication Date: 11/10/2020

Reference Information

CVE: CVE-2020-17100

IAVA: 2020-A-0519-S