Request a Demo
Rewterz
Rewterz Threat Alert – ColdStealer Malware – Active IOCs
March 2, 2022
Rewterz
Rewterz Threat Advisory – ICS: Delta Zero-Day Vulnerabilities
March 2, 2022

Rewterz Threat Advisory – Microsoft Zero-Day Vulnerabilities

Severity

Medium

Analysis Summary

(0Day) Microsoft Visual Studio Link Following Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Visual Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Visual Studio installer. By creating a symbolic link, an attacker can abuse the installer to write a file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

(0Day) Microsoft Visual Studio Link Following Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Visual Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Visual Studio installer. By creating a symbolic link, an attacker can abuse the installer to overwrite a file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

(0Day) Microsoft .NET Link Following Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft .NET. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the .NET installer. By creating a symbolic link, an attacker can abuse the installer to overwrite a file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

(0Day) Microsoft Visual Studio Link Following Denial-of-Service Vulnerability

This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Visual Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Visual Studio installer. By creating a symbolic link, an attacker can abuse the installer to overwrite a file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.

Impact

  • Denial of Service

Affected Vendors

Microsoft

Affected Products

  • Visual Studio

Remediation

Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application.