Rewterz Threat Alert – ColdStealer Malware – Active IOCs
March 2, 2022Rewterz Threat Advisory – ICS: Delta Zero-Day Vulnerabilities
March 2, 2022Rewterz Threat Alert – ColdStealer Malware – Active IOCs
March 2, 2022Rewterz Threat Advisory – ICS: Delta Zero-Day Vulnerabilities
March 2, 2022Severity
Medium
Analysis Summary
(0Day) Microsoft Visual Studio Link Following Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Visual Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Visual Studio installer. By creating a symbolic link, an attacker can abuse the installer to write a file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
(0Day) Microsoft Visual Studio Link Following Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Visual Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Visual Studio installer. By creating a symbolic link, an attacker can abuse the installer to overwrite a file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
(0Day) Microsoft .NET Link Following Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft .NET. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the .NET installer. By creating a symbolic link, an attacker can abuse the installer to overwrite a file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
(0Day) Microsoft Visual Studio Link Following Denial-of-Service Vulnerability
This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Microsoft Visual Studio. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Visual Studio installer. By creating a symbolic link, an attacker can abuse the installer to overwrite a file. An attacker can leverage this vulnerability to create a denial-of-service condition on the system.
Impact
- Denial of Service
Affected Vendors
Microsoft
Affected Products
- Visual Studio
Remediation
Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application.