-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2022.0079
Microsoft Patch Tuesday update for Microsoft Developer Tools for April 2022
                               13 April 2022

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:          Microsoft .NET Framework
                  Microsoft Visual Studio
                  YARP
Operating System: Windows
                  macOS
Resolution:       Patch/Upgrade
CVE Names:        CVE-2022-26924 CVE-2022-26921 CVE-2022-26832
                  CVE-2022-24767 CVE-2022-24765 CVE-2022-24513

Comment: CVSS (Max):  7.8* CVE-2022-24513 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
         CVSS Source: Microsoft
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

OVERVIEW

        Microsoft has released its monthly security patch update for the
        month of April 2022.
        
        This update resolves 6 vulnerabilities across the following products:
        [1]
        
         Microsoft .NET Framework 2.0 Service Pack 2
         Microsoft .NET Framework 3.0 Service Pack 2
         Microsoft .NET Framework 3.5
         Microsoft .NET Framework 3.5 AND 4.7.2
         Microsoft .NET Framework 3.5 AND 4.8
         Microsoft .NET Framework 3.5.1
         Microsoft .NET Framework 4.5.2
         Microsoft .NET Framework 4.6
         Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2
         Microsoft .NET Framework 4.8
         Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
         Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)
         Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)
         Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)
         Microsoft Visual Studio 2022 version 17.0
         Microsoft Visual Studio 2022 version 17.1
         Visual Studio 2019 for Mac version 8.10
         Visual Studio Code
         YARP 1.0
         YARP 1.1RC


IMPACT

        Microsoft has given the following details regarding these vulnerabilities.
        
         Details         Impact                   Severity
         CVE-2022-24513  Elevation of Privilege   Important
         CVE-2022-24765  Elevation of Privilege   Important
         CVE-2022-24767  Elevation of Privilege   Important
         CVE-2022-26832  Denial of Service        Important
         CVE-2022-26921  Elevation of Privilege   Important
         CVE-2022-26924  Denial of Service        Important


MITIGATION

        Microsoft recommends updating the software with the version made
        available on the Microsoft Update Catalogue for the following
        Knowledge Base articles. [1].
        
         KB5012117, KB5012118, KB5012120, KB5012121, KB5012123
         KB5012324, KB5012325, KB5012326, KB5012327, KB5012328
         KB5012329, KB5012330, KB5012331, KB5012332


REFERENCES

        [1] Microsoft Security Update Guidance
            https://portal.msrc.microsoft.com/en-us/security-guidance

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYlYm3ONLKJtyKPYoAQgunBAAqxPq6Hgw4pD9MynINYMe3d9B3oCVb7Ud
lA+xYEZQF0d1fNxilcm6ytbQwMchb7t3dA7W0BgWAQ/Wa3c7DEDUwuFiS8OrCipc
eFp2VLPX/pW5EZbyBJtnGYN118cio/rW6Ra6k7VzaBxjBABF1Cm/GitkfKh3x1Ax
aoeAnZy2Fzg00uiHblZ9LSByWMmcj5LBC3fd4YYKaVUeaRyiV21ZTCFS29kGLmeG
MOpnT3IaWzXykPX8uy9T8TudOCWk0NzyJvgb3muZgnPXDbeCWGVOAixrX6BcF4x8
Al6M+hLRoenPbK7oF1HOPvg3ATqqt/uUDkYY+eMxEApsXVOnwoZC5klYfBTjv5wn
NhkpsJ3lXg7Zj/bhGsNywAdlijh7fZPzlKQUeyE0XA+TwAnzurmPkhZL8HwObAqH
OPu+63Wr/Om/m/mz7Ek6uXAswkx2qSdplG6wmv68Z7LmVIMNVjuebOywW9cZ8J/i
tl0t0lyYUmdmWn12G1EH5TwkK9V6iirUKc1oUpo3vV1e3mnOqn1YXtnZF0kMIvNb
QH2j+aZ/SSgjT0vA+Wpd/VnIEsI5nlF1SemJAL+UNW3D5uud16h0zCiLa+mlIs28
qIHkwMsJhnb5oQEIixlIVCh1jg6unp81yNkhlR1WH3OMftz2q1FMhhz7Lg2l09sB
tkXlnKNehnI=
=eWVY
-----END PGP SIGNATURE-----