CVE-2021-43907
published 2021-12-15CVE-2021-43907: Visual Studio Code WSL Extension Remote Code Execution Vulnerability
PriorityP260critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
ITW
Exploited in the wild
EPSS
3.79%
88.6th percentile
Visual Studio Code WSL Extension Remote Code Execution Vulnerability
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | visual_studio_code_wsl_extension | < 0.63.11 | 0.63.11 |
| microsoft | windows_subsystem_for_linux | < 0.63.11 | 0.63.11 |
| msrc | visual_studio_code_wsl_extension | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.010.0CRITICALAV:N/AC:L/Au:N/C:C/I:C/A:C
vendor_msrc9.8CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Microsoft
Visual Studio Code WSL Extension Remote Code Execution Vulnerability
vendor_msrc·2021-12-14·CVSS 9.8
CVE-2021-43907 [CRITICAL] Visual Studio Code WSL Extension Remote Code Execution Vulnerability
Visual Studio Code WSL Extension Remote Code Execution Vulnerability
Visual Studio Code - WSL Extension: Visual Studio Code - WSL Extension
Microsoft: Microsoft
Impact: Remote Code Execution
Exploit Status: Publicly Disclosed:No;Exploited:No;Latest Software Release:Exploitation Less Likely;Older Software Release:Exploitation Less Likely;DOS:N/A
Remediation: Release Notes
Reference: https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-wsl
GHSA
GHSA-pq7c-f7ch-qfh7: Visual Studio Code WSL Extension Remote Code Execution Vulnerability
ghsa_unreviewed·2021-12-16
CVE-2021-43907 [CRITICAL] GHSA-pq7c-f7ch-qfh7: Visual Studio Code WSL Extension Remote Code Execution Vulnerability
Visual Studio Code WSL Extension Remote Code Execution Vulnerability
No detection rules found.
No public exploits indexed.
2021-12-15
Published
Exploited in the wild