Intel® Fortran Compiler
Build applications that can scale for the future with optimized code designed for Intel® Xeon® and compatible processors.
29072 Discussions

Microsoft Visual Studio Installer Vulnerability

AlHill
Super User
‎06-09-2023 02:58 PM
626 Views

FYI - From today's SANS NewsBites:

Microsoft Visual Studio Installer Vulnerability 

(June 7 & 8, 2023)
 

Microsoft released a patch for a vulnerability in Visual Studio Installer with its April scheduled patch release. While the vulnerability was rated moderate severity, researchers from Varonis maintain that because it is easily exploitable and affects a product with a 26 percent market share, it merits more immediate attention. The flaw could be exploited to distribute malicious extensions to app developers.
 

Editor's Note

[Neely]
While this is a reasonably easy flaw to exploit, the mitigation is even simpler. Apply the April 11th (or later) Microsoft Patch Tuesday update. I know we already did that too, and I’m cross checking that it was fully deployed.


Read more in:
www.varonis.com: Imposter Syndrome: UI Bug in Visual Studio Lets Attackers Impersonate Publishers
www.darkreading.com: Easily Exploitable Microsoft Visual Studio Bug Opens Developers to Takeover

Link Copied

0 Replies
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.