Detections
Analytics

Security Update for Microsoft Visual Studio Code (June 2023)

medium Nessus Plugin ID 177353

Language:

Synopsis

The remote host has an application installed that is missing a security update.

Description

The version of Microsoft Visual Studio Code installed on the remote Windows host is prior to 1.79.1. It is, therefore, affected by a session spoofing vulnerability. An attacker can exploit this to perform actions with the privileges of another user.

Solution

Upgrade to Microsoft Visual Studio Code 1.79.1 or later.

See Also

https://code.visualstudio.com/updates/v1_79

Plugin Details

Severity: Medium

ID: 177353

File Name: smb_nt_ms23_jun_visual_studio_code.nasl

Version: 1.4

Type: local

Agent: windows

Family: Windows

Published: 6/15/2023

Updated: 9/25/2023

Configuration: Enable thorough checks

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: Medium

Base Score: 6.2

Temporal Score: 4.6

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:N

CVSS Score Source: CVE-2023-33144

CVSS v3

Risk Factor: Medium

Base Score: 6.6

Temporal Score: 5.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:visual_studio_code

Required KB Items: SMB/Registry/Enumerated, installed_sw/Microsoft Visual Studio Code

Exploit Ease: No known exploits are available

Patch Publication Date: 6/13/2023

Vulnerability Publication Date: 6/13/2023

Reference Information

CVE: CVE-2023-33144

IAVA: 2023-A-0299-S