⚠ Exploited in the wild
Exploitation observed in the wild. Not yet on CISA KEV.

CVE-2021-43907Microsoft Visual Studio Code WSL Extension vulnerability

4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
10.1%
top 6.88%
CISA KEV
Not in KEV
Exploit
Exploited in wild
Active exploitation observed
Affected products
3
Microsoft Visual Studio Code WSL ExtensionMicrosoft Windows Subsystem FOR LinuxMsrc Visual Studio Code WSL Extension
Timeline
PublishedDec 15
Latest updateDec 16

Description

Visual Studio Code WSL Extension Remote Code Execution Vulnerability

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-pq7c-f7ch-qfh7: Visual Studio Code WSL Extension Remote Code Execution Vulnerability2021-12-16

📋Vendor Advisories

1
Microsoft
Visual Studio Code WSL Extension Remote Code Execution Vulnerability2021-12-14

🕵️Threat Intelligence

1
Crowdstrike
December 2021 Patch Tuesday: Updates and Analysis