Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT Security Bulletin ASB-2020.0007 Security update for Microsoft Developer Tools 15 January 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: Microsoft Developer Tools Operating System: Windows Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Denial of Service -- Remote/Unauthenticated Resolution: Patch/Upgrade CVE Names: CVE-2020-0646 CVE-2020-0606 CVE-2020-0605 CVE-2020-0603 CVE-2020-0602 Member content until: Friday, February 14 2020 Reference: ASB-2020.0006 OVERVIEW Microsoft has released its monthly security patch update for the month of January 2020. This update resolves 6 vulnerabilities across the following products: [1] .NET Core 3.0 .NET Core 3.1 ASP.NET Core 2.1 ASP.NET Core 3.0 ASP.NET Core 3.1 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 Microsoft .NET Framework 3.5 AND 4.6.2/4.7/4.7.1/4.7.2 Microsoft .NET Framework 3.5 AND 4.7.1/4.7.2 Microsoft .NET Framework 3.5 AND 4.7.2 Microsoft .NET Framework 3.5 AND 4.8 Microsoft .NET Framework 3.5.1 Microsoft .NET Framework 4.5.2 Microsoft .NET Framework 4.6 Microsoft .NET Framework 4.6.2/4.7/4.7.1/4.7.2 Microsoft .NET Framework 4.6/4.6.1/4.6.2/4.7/4.7.1/4.7.2 Microsoft .NET Framework 4.8 IMPACT Microsoft has given the following details regarding these vulnerabilities. Details Impact Severity CVE-2020-0602 Denial of Service Important CVE-2020-0603 Remote Code Execution Critical CVE-2020-0605 Remote Code Execution Critical CVE-2020-0606 Remote Code Execution Critical CVE-2020-0646 Remote Code Execution Critical MITIGATION Microsoft recommends updating the software with the version made available on the Microsoft Update Catalogue for the following Knowledge Base articles. [1] KB4532935, KB4535101, KB4535103, KB4535102, KB4535105 KB4535104, KB4532933, KB4534271, KB4532938, KB4534306 KB4534977, KB4534976, KB4532936, KB4534276, KB4534293 KB4534979, KB4534978 REFERENCES [1] Security Update Guide https://portal.msrc.microsoft.com/en-us/security-guidance AusCERT has made every effort to ensure that the information contained in this document is accurate. However, the decision to use the information described is the responsibility of each user or organisation. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXh6FnGaOgq3Tt24GAQhyjBAAkA30PiUuybeREEQ4wsqtirWGJproZS+f oT/1vPTZjztGT4JsSeQe8XFrlm3ggJWdm4MvcPZcSz+ToHkTPlQmHWB7tQ9Qbg/Q D8PorNrLUT8xcVJbK3VkjPaLsiMHHbyoJqtx9phn5hgNEdEvFQmEOCCoPT9U0+fc iHejf9WpCxN2qNWUSX5O+JsZAemc6KCSDXi+8wCBtP4WBfvUP7b7tPa/DxZEygp7 uw6PlJa4topOv2T45DQPuzb7HJdAOyJYpbX1NNVTDpWG9iJ7HowZ1rthXBaYOek4 sUe7VCL7alVICQVnMoZ42Q6Slbt7t1plqXiiuUDuScSnkHh7HYMvUt49NhWdMetc OeNe/DuDYRoW6Id4eCaaux2u4iDqnPPDgiGeX2pDNnow+Z+QN7c1Ijs28FYVegse uGsH+ri0aU27a8JIdDZDXND/OXVhtJN1ZlmHd9Z4OujbdLUytk1KkRHoFTI38Khj BfhU3HMdobCl3PN/e4RdHpCcimIdJ2hhGh6jgWk1oKTmEXxBkJuHyyF+eREzGG41 rCozaBOMK3jYltiO0/+wXj+Yvowqc9oVfIsaDSkEuFBpwa3GwPNvtU8iE6B3xm4c R9/xkYVhHI5Ou9OMtuaMLtOPSqH8rD5F+zb+Nok178fzFUbjs0ci7hoVFl/VQ0KT BEISo6C/A10= =TKhf -----END PGP SIGNATURE-----