===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2022.0125
 Microsoft Patch Tuesday update for Microsoft Developer Tools for May 2022
                                11 May 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft .NET Framework
                      .NET
                      .NET Core
                      Microsoft Visual Studio
                      Visual Studio Code
Operating System:     Windows
                      macOS
Resolution:           Patch/Upgrade
CVE Names:            CVE-2022-30130 CVE-2022-30129 CVE-2022-29148
                      CVE-2022-29145 CVE-2022-29117 CVE-2022-23267

Comment: CVSS (Max):  8.8 CVE-2022-30129 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
         CVSS Source: Microsoft
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of May 2022.

        This update resolves 6 vulnerabilities across the following
        products: [1]

         .NET 5.0
         .NET 6.0
         .NET Core 3.1
         Microsoft .NET Framework 2.0 Service Pack 2
         Microsoft .NET Framework 3.0 Service Pack 2
         Microsoft .NET Framework 3.5
         Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2
         Microsoft .NET Framework 3.5 AND 4.7.2
         Microsoft .NET Framework 3.5 AND 4.8
         Microsoft .NET Framework 3.5.1
         Microsoft .NET Framework 4.6
         Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
         Microsoft .NET Framework 4.8
         Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
         Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
         Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
         Microsoft Visual Studio 2022 version 17.0
         Microsoft Visual Studio 2022 version 17.1
         Visual Studio Code

IMPACT

        Microsoft has given the following details regarding these
        vulnerabilities.

         Details         Impact                   Severity
         CVE-2022-23267  Denial of Service        Important
         CVE-2022-29117  Denial of Service        Important
         CVE-2022-29145  Denial of Service        Important
         CVE-2022-29148  Remote Code Execution    Important
         CVE-2022-30129  Remote Code Execution    Important
         CVE-2022-30130  Denial of Service        Low

MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1]

         KB5013624, KB5013625, KB5013627, KB5013628, KB5013630
         KB5013837, KB5013838, KB5013839, KB5013840, KB5013868
         KB5013870, KB5013871, KB5013872, KB5013873, KB5013952
         KB5014326, KB5014329

REFERENCES

        [1] Microsoft Security Update Guidance
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================