Rewterz Threat Advisory – Multiple Visual Studio Code Vulnerabilities

Severity

High

Analysis Summary

CVE-2023-24893 CVSS:7.8

Microsoft Visual Studio Code could allow a remote attacker to execute arbitrary code on the system. By persuading a victim to open a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2023-28299 CVSS:5.5

Microsoft Visual Studio could allow a local authenticated attacker to conduct spoofing attacks.

CVE-2023-28262 CVSS:7.8

Microsoft Visual Studio could allow a local authenticated attacker to gain elevated privileges on the system. By executing a specially crafted program, an authenticated attacker could exploit this vulnerability to obtain administrative privileges.

CVE-2023-28263 CVSS:5.5

Microsoft Visual Studio could allow a local authenticated attacker to obtain sensitive information. An attacker could exploit this vulnerability to cross the kernel security boundary, obtain sensitive information, and use this information to launch further attacks against the affected system.

CVE-2023-28296 CVSS:8.4

Microsoft Visual Studio could allow a local attacker to execute arbitrary code on the system. By executing a specially crafted program, an attacker could exploit this vulnerability to execute arbitrary code on the system.

Impact

• Code Execution
• Privilege Escalation
• Information Disclosure

Indicators Of Compromise

CVE

• CVE-2023-24893
• CVE-2023-28299
• CVE-2023-28262
• CVE-2023-28263
• CVE-2023-28296

Affected Vendors

Microsoft

Affected Products

• Microsoft Visual Studio Code
• Microsoft Visual Studio 2022 17.4

Remediation

Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches. 

CVE-2023-24893

CVE-2023-28299

CVE-2023-28262

CVE-2023-28263

CVE-2023-28296