Detections
Analytics
Security Updates for Microsoft Visual Studio Products (August 2021)
medium Nessus Plugin ID 152423
Language:
Synopsis
The Microsoft Visual Studio Products are missing a security update.Description
The Microsoft Visual Studio Products are missing a security update. They are, therefore, affected by multiple vulnerabilities:- A denial of service (DoS) vulnerability. An attacker can exploit this issue to cause the affected component to deny system or application services. (CVE-2021-26423)
- An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. (CVE-2021-34485, CVE-2021-34532)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Microsoft has released the following security updates to address this issue:- Update 15.9.38 for Visual Studio 2017
- Update 16.4.25 for Visual Studio 2019
- Update 16.7.18 for Visual Studio 2019
- Update 16.9.10 for Visual Studio 2019
- Update 16.11.0 for Visual Studio 2019
See Also
http://www.nessus.org/u?e9b6ca5e
http://www.nessus.org/u?1cd425f6
http://www.nessus.org/u?4e273a4b
Plugin Details
Severity: Medium
ID: 152423
File Name: smb_nt_ms21_aug_visual_studio.nasl
Version: 1.6
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 8/10/2021
Updated: 9/16/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Low
Base Score: 2.1
Temporal Score: 1.6
Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS Score Source: CVE-2021-34532
CVSS v3
Risk Factor: Medium
Base Score: 5.5
Temporal Score: 4.8
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: cpe:/a:microsoft:visual_studio
Required KB Items: SMB/Registry/Enumerated, installed_sw/Microsoft Visual Studio
Exploit Ease: No known exploits are available
Patch Publication Date: 8/10/2021
Vulnerability Publication Date: 8/10/2021
Reference Information
CVE: CVE-2021-26423, CVE-2021-34485, CVE-2021-34532
IAVA: 2021-A-0380-S