MSRC Microsoft Visual Studio 2022 Version 17.4 vulnerabilities
88 known vulnerabilities affecting msrc/microsoft_visual_studio_2022_version_17.4.
Total CVEs: 88
CISA KEV: 2 (actively exploited)
Public exploits: 1
Exploited in wild: 2
Severity breakdown: CRITICAL 2, HIGH 72, MEDIUM 14
Vulnerabilities
Page 4 of 5
CVE-2023-32028 | HIGH | CVSS 7.8 | 2023-06-13
CVE-2023-32028 [HIGH] CWE-122 Microsoft SQL OLE DB Remote Code Execution Vulnerability
FAQ: If I normally install GDR versions and have not installed the June Cumulative Update, am I affected by the vulnerability?
Yes, customers who have installed Microsoft SQL Server 2022 for x64-based Systems (GDR) or Microsoft SQL Server 2019 for x64-based Systems (GDR) are vulnerable. Microsoft recommends updating to the latest cumulative update to be
msrc
CVE-2023-32025 | HIGH | CVSS 7.8 | 2023-06-13
CVE-2023-32025 [HIGH] CWE-122 Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out
msrc
CVE-2023-27910 | HIGH | CVSS 7.8 | 2023-06-13
CVE-2023-27910 [HIGH] AutoDesk: CVE-2023-27910 stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior
FAQ: Why is this AutoDesk CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in AutoDesk software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio a
msrc
CVE-2023-27909 | HIGH | CVSS 7.8 | 2023-06-13
CVE-2023-27909 [HIGH] CWE-122 AutoDesk: CVE-2023-27909 Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK 2020 or prior
FAQ: Why is this AutoDesk CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in AutoDesk software which is consumed by the Microsoft products listed in the Security Updates table. It is being documented in the Security Update Guide to announce t
msrc
CVE-2023-24895 | HIGH | CVSS 7.8 | 2023-06-13
CVE-2023-24895 [HIGH] .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out lo
msrc
CVE-2023-29011 | HIGH | CVSS 7.5 | 2023-06-13
CVE-2023-29011 [HIGH] CWE-23 GitHub: CVE-2023-29011 The config file of `connect.exe` is susceptible to malicious placing
FAQ: Why is this GitHub CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio
msrc
CVE-2023-24897 | HIGH | CVSS 7.8 | 2023-06-13
CVE-2023-24897 [HIGH] CWE-122 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carrie
msrc
CVE-2023-25652 | HIGH | CVSS 7.5 | 2023-06-13
CVE-2023-25652 [HIGH] GitHub: CVE-2023-25652 "git apply --reject" partially-controlled arbitrary file write
FAQ: Why is this GitHub CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in MinGit software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. P
msrc
CVE-2023-25815 | HIGH | CVSS 3.3 | 2023-06-13
CVE-2023-25815 [LOW] GitHub: CVE-2023-25815 Git looks for localized messages in an unprivileged place
FAQ: Why is this GitHub CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Ple
msrc
CVE-2023-33139 | MEDIUM | CVSS 5.5 | 2023-06-13
CVE-2023-33139 [MEDIUM] CWE-125 Visual Studio Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited this vulnerability could potentially read small portions of heap memory.
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is information disclosure?
The attack itself is carried out locally.
msrc
CVE-2023-32032 | MEDIUM | CVSS 6.5 | 2023-06-13
CVE-2023-32032 [MEDIUM] CWE-20 .NET and Visual Studio Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to invest time in repeated exploitation attempts through sending constant or intermittent data.
FAQ: What privileges could be gained by an attacker who successfull
msrc
CVE-2023-28260 | HIGH | CVSS 7.8 | 2023-04-11
CVE-2023-28260 [HIGH] .NET DLL Hijacking Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?
Any authenticated user could trigger this vulnerability. It does not require admin or other elevated privileges.
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
msrc
CVE-2023-28262 | HIGH | CVSS 7.8 | 2023-04-11
CVE-2023-28262 [HIGH] CWE-122 Visual Studio Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could gain administrator privileges.
Visual Studio: Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Elevation of Privilege
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest
msrc
CVE-2023-28296 | HIGH | CVSS 7.8 | 2023-04-11
CVE-2023-28296 [HIGH] CWE-415 Visual Studio Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is a remote code execution?
The word Remote in the title refers to the location of the attacker. This type of exploit is sometimes referred to as Arbitrary Code Execution (ACE). The attack itself is carried out locally.
For example, when the score indicates
msrc
CVE-2023-28263 | MEDIUM | CVSS 5.5 | 2023-04-11
CVE-2023-28263 [MEDIUM] CWE-170 Visual Studio Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
Exploiting this vulnerability crosses the kernel security boundary and can lead to system information disclosure.
Visual Studio: Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Information Disclosure
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Softw
msrc
CVE-2023-28299 | MEDIUM | CVSS 5.5 | 2023-04-11
CVE-2023-28299 [MEDIUM] Visual Studio Spoofing Vulnerability
Visual Studio: Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Spoofing
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely; DOS: N/A
Remediation: Release Notes
Reference: http://aka.ms/vs/15/release/latest
Reference: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.2
Reference: https://my.visualstud
msrc
CVE-2023-22490 | HIGH | CVSS 5.5 | 2023-03-14
CVE-2023-22490 [MEDIUM] GitHub: CVE-2023-22490 mingit Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
This vulnerability could disclose sensitive information on the victim's file system as well as achieve data exfiltration.
FAQ: Why is this GitHub CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in MinGit software which is consumed
msrc
CVE-2023-23946 | HIGH | CVSS 6.2 | 2023-03-14
CVE-2023-23946 [MEDIUM] GitHub: CVE-2023-23946 mingit Remote Code Execution Vulnerability
FAQ: Why is this GitHub CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in MinGit software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Security Update Guide Suppor
msrc
CVE-2023-23618 | HIGH | CVSS 8.6 | 2023-03-14
CVE-2023-23618 [HIGH] GitHub: CVE-2023-23618 Git for Windows Remote Code Execution Vulnerability
FAQ: Why is this GitHub CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vulnerable. Please see Sec
msrc
CVE-2023-22743 | HIGH | CVSS 7.2 | 2023-03-14
CVE-2023-22743 [HIGH] GitHub: CVE-2023-22743 Git for Windows Installer Elevation of Privilege Vulnerability
FAQ: Why is this GitHub CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of Visual Studio are no longer vuln
msrc