CVE-2021-36952
Published 2021-09-15
CVE-2021-36952: Visual Studio Remote Code Execution Vulnerability
Severity: high, 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 54.17% (98.9th percentile)
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | microsoft_visual_studio_2017_version_15.9 | >= 15.9.0 < 15.9.39 | 15.9.39 |
| microsoft | microsoft_visual_studio_2019_version_16.4 | >= 16.0 < 16.4.26 | 16.4.26 |
| microsoft | microsoft_visual_studio_2019_version_16.7 | >= 16.0.0 < 16.7.19 | 16.7.19 |
| msrc | microsoft_visual_studio_2017_version_15.9 | — | — |
| msrc | microsoft_visual_studio_2019_version_16.4 | — | — |
| msrc | microsoft_visual_studio_2019_version_16.7 | — | — |
Detection & IOCs
- CVE-2021-36952 affects Visual Studio and is rated 'Exploitation Less Likely' for both latest and older software releases, with no public exploit or in-the-wild exploitation confirmed at time of advisory.
- The vulnerability class is Remote Code Execution in Visual Studio. No technical exploitation details, payloads, or attack patterns are disclosed in the available sources.
CVSS provenance
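| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| cvelistv5 | | 7.8 | HIGH | |
| vendor_msrc | | 7.8 | HIGH | |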
Microsoft
Visual Studio Remote Code Execution Vulnerability
vendor_msrc·2021-09-14·CVSS 7.8
CVE-2021-36952 [HIGH] Visual Studio Remote Code Execution Vulnerability
Visual Studio: Visual Studio
Microsoft: Microsoft
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; Older Software Release: Exploitation Less Likely; DOS: N/A
Remediation: Release Notes
Reference: http://aka.ms/vs/15/release/latest
Reference: https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.4
Reference: https://my.visualstudio.com/Downloads?q=Visual Studio 2019 version 16.7
CVEList
Visual Studio Remote Code Execution Vulnerability
cvelistv5·2021-09-15·CVSS 7.8
CVE-2021-36952 [HIGH] Visual Studio Remote Code Execution Vulnerability
No detection rules found.
No public exploits indexed.
Qualys
Microsoft and Adobe Patch Tuesday (September 2021) – Microsoft 60 Vulnerabilities with 3 Critical, Adobe 61 Vulnerabilities
blogs_qualys·2021-09-14·CVSS 8.1
CVE-2021-40444 [HIGH] Microsoft and Adobe Patch Tuesday (September 2021) – Microsoft 60 Vulnerabilities with 3 Critical, Adobe 61 Vulnerabilities
## Microsoft Patch Tuesday – September 2021
Microsoft patched 60 vulnerabilities in their September 2021 Patch Tuesday release, and an additional 26 CVEs since September 1st. Among the 60 released in the September Patch Tuesday, 3 of them are rated as critical severity, one as moderate, and 56 as important.
## Critical Microsoft Vulnerabilities Patched
CVE-2021-40444 – Microsoft MSHTML Remote Code Execution Vulnerability
This vulnerability has been publicly disclosed and is known to be exploited. The vulnerability allows for remote code execution via MSHTML, a component used by Internet Explorer and Office. Microsoft also released a workaround to show how users can disable ActiveX controls in IE. The vendor has assigned a CVSSv3 base score of 8.8. It should be prioritized for patching.
Trendmicro
September Patch Tuesday: 66 Bulletins, Only 3 Critical
blogs_trendmicro·2021-09-14·CVSS 8.1
[HIGH] September Patch Tuesday: 66 Bulletins, Only 3 Critical
# September Patch Tuesday: 66 Bulletins, Only 3 Critical
By: Trend Micro
2021/09/14
The September 2021 Patch Tuesday cycle is relatively good news for system administrators with only 66 total bulletins. Perhaps more significantly, only three of these were Critical bulletins. Eleven of these bulletins fixed vulnerabilities that were disclosed to Microsoft via the Zero Day Initiative. Overall, the month offers system administrators a chance to catch up on other necessary tasks.
## Only 3 Critical Patches for September
As mentioned previou