Severity
High
Analysis Summary
CVE-2023-21566 CVSS:7.8
Microsoft Visual Studio could allow a local authenticated attacker to gain elevated privileges on the system, caused by a flaw in the Installer component. By executing a specially-crafted program, an authenticated attacker could exploit this vulnerability to execute arbitrary code with higher privileges.
CVE-2023-21567 CVSS:5.6
Microsoft Visual Studio is vulnerable to a denial of service. By executing the Visual Studio installer, a local authenticated attacker could exploit this vulnerability to cause a denial of service.
Impact
- Privilege Escalation
- Denial of Service
Indicators Of Compromise
CVE
- CVE-2023-21566
- CVE-2023-21567
Affected Vendors
Microsoft
Affected Products
- Microsoft Visual Studio 2022 17.2
- Microsoft Visual Studio 2022 17.0
Remediation
Use Microsoft Automatic Update to apply the appropriate patch for your system, or the Microsoft Security Update Guide to search for available patches.