Detections
Analytics
Security Updates for Microsoft Visual Studio Products (October 2024)
high Nessus Plugin ID 208750
Synopsis
The Microsoft Visual Studio Products are affected by multiple vulnerabilities.Description
The Microsoft Visual Studio Products are missing security updates. They are, therefore, affected by multiple vulnerabilities, including:- .NET Denial of Service Vulnerability in System.Security.Cryptography.Cose, System.IO.Packaging, System.Runtime.Caching (CVE-2024-43483)
- .NET Denial of Service Vulnerability in System.IO.Packaging (CVE-2024-43484)
- Elevation of Privilege Vulnerability in Visual Studio C++ Redistributable Installer (CVE-2024-43590)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Microsoft has released the following security updates to address this issue:- Update 17.6.20 for Visual Studio 2022
- Update 17.8.15 for Visual Studio 2022
- Update 17.11.5 for Visual Studio 2022
- Update 17.10.8 for Visual Studio 2022
See Also
http://www.nessus.org/u?db3c4e1c
http://www.nessus.org/u?075270bf
Plugin Details
Severity: High
ID: 208750
File Name: smb_nt_ms24_oct_visual_studio.nasl
Version: 1.1
Type: local
Agent: windows
Family: Windows : Microsoft Bulletins
Published: 10/11/2024
Updated: 10/11/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: High
Score: 7.4
CVSS v2
Risk Factor: High
Base Score: 7.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS Score Source: CVE-2024-43483
CVSS v3
Risk Factor: High
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Information
CPE: cpe:/a:microsoft:visual_studio
Required KB Items: SMB/MS_Bulletin_Checks/Possible, SMB/Registry/Enumerated, installed_sw/Microsoft Visual Studio
Patch Publication Date: 10/8/2024
Vulnerability Publication Date: 10/8/2024
Reference Information
CVE: CVE-2024-43483, CVE-2024-43484, CVE-2024-43485, CVE-2024-43590, CVE-2024-43603
IAVA: 2024-A-0626