Visual Studio Extension Installer Service Denial of Service Vulnerability
Released: Mar 10, 2020
- Assigning CNA
- Microsoft
- CVE.org link
- CVE-2020-0789
Executive Summary
A denial of service vulnerability exists when the Visual Studio Extension Installer Service improperly handles hard links. An attacker who successfully exploited the vulnerability could cause a target system to stop responding.
To exploit this vulnerability, an attacker would have to log on to an affected system and run a specially crafted application. The vulnerability would allow an attacker to overwrite system files.
The update addresses the vulnerability by correcting how the Visual Studio Extension Installer Service handles hard links.
Exploitability
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
- Publicly disclosed
- No
- Exploited
- No
- Exploitability assessment
- Exploitation Less Likely
Acknowledgements
- Zhiniang Peng (@edwardzpeng) of Qihoo 360 Core security and Xuefeng Li
Security Updates
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle.
Disclaimer
Revisions
Information published.