Detections
Analytics

Security Updates for Microsoft Visual Studio Products (July 2024)

high Nessus Plugin ID 202032

Language:

Synopsis

The Microsoft Visual Studio Products are affected by multiple vulnerabilities.

Description

The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including:

 - .NET Core and Visual Studio Denial of Service Vulnerability. (CVE-2024-30105, CVE-2024-38095)

 - .NET and Visual Studio Remote Code Execution Vulnerability. (CVE-2024-35264)

 - .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. (CVE-2024-38081)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Microsoft has released the following security updates to address this issue:
 - Update 17.4.21 for Visual Studio 2022
 - Update 17.6.17 for Visual Studio 2022
 - Update 17.8.12 for Visual Studio 2022
 - Update 17.10.4 for Visual Studio 2022

See Also

http://www.nessus.org/u?1b5d94d6

http://www.nessus.org/u?6bfc7518

http://www.nessus.org/u?ab6fdc7c

http://www.nessus.org/u?60f543bb

Plugin Details

Severity: High

ID: 202032

File Name: smb_nt_ms24_jul_visual_studio.nasl

Version: 1.6

Type: local

Agent: windows

Published: 7/9/2024

Updated: 8/16/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.6

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-35264

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:visual_studio

Required KB Items: SMB/MS_Bulletin_Checks/Possible, SMB/Registry/Enumerated, installed_sw/Microsoft Visual Studio

Exploit Ease: No known exploits are available

Patch Publication Date: 7/9/2024

Vulnerability Publication Date: 7/9/2024

Reference Information

CVE: CVE-2024-30105, CVE-2024-35264, CVE-2024-38081, CVE-2024-38095

IAVA: 2024-A-0398-S, 2024-A-0406-S