===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2020.0063
      Microsoft Patch Tuesday (March 2020): Microsoft Developer Tools
                               11 March 2020

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Azure DevOps Server 2019
                      Microsoft Visual Studio 2015
                      Microsoft Visual Studio 2017
                      Microsoft Visual Studio 2019
                      Team Foundation Server 2017
                      Team Foundation Server 2018
Operating System:     Windows
Impact/Access:        Execute Arbitrary Code/Commands -- Existing Account
                      Increased Privileges            -- Existing Account
                      Modify Permissions              -- Existing Account
                      Delete Arbitrary Files          -- Existing Account
                      Cross-site Scripting            -- Existing Account
                      Denial of Service               -- Existing Account
                      Access Confidential Data        -- Existing Account
Resolution:           Patch/Upgrade
CVE Names:            CVE-2020-0884 CVE-2020-0815 CVE-2020-0810
                      CVE-2020-0793 CVE-2020-0789 CVE-2020-0758
                      CVE-2020-0700
Member content until: Friday, April 10 2020

OVERVIEW

         Azure DevOps Server 2019 Update 1
         Azure DevOps Server 2019 Update 1.1
         Azure DevOps Server 2019.0.1
         Microsoft Visual Studio 2015 Update 3
         Microsoft Visual Studio 2017 version 15.9 (includes 15.1 - 15.8)
         Microsoft Visual Studio 2019 version 16.0
         Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
         Team Foundation Server 2017 Update 3.1
         Team Foundation Server 2018 Update 1.2
         Team Foundation Server 2018 Update 3.2

IMPACT

        Microsoft has given the following details regarding these
        vulnerabilities.

         Details         Impact                   Severity
         CVE-2020-0700   Spoofing                 Important
         CVE-2020-0758   Elevation of Privilege   Important
         CVE-2020-0789   Denial of Service        Important
         CVE-2020-0793   Elevation of Privilege   Important
         CVE-2020-0810   Elevation of Privilege   Important
         CVE-2020-0815   Elevation of Privilege   Important
         CVE-2020-0884   Spoofing                 Important

MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1]

         KB4538032

REFERENCES

        [1] Microsoft Security Update Guidance
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation.  The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures.  AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================