Visual Studio Extension Installer Service Elevation of Privilege Vulnerability
Released: Apr 14, 2020
- Assigning CNA
- Microsoft
- CVE.org link
- CVE-2020-0900
Executive Summary
An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations. An attacker who successfully exploited the vulnerability could delete files in arbitrary locations with elevated permissions.
To exploit the vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability.
The update addresses the vulnerability by correcting how the Visual Studio Extension Installer Service handles file operations.
Exploitability
The following table provides an exploitability assessment for this vulnerability at the time of original publication.
- Publicly disclosed
- No
- Exploited
- No
- Exploitability assessment
- Exploitation Less Likely
Acknowledgements
Security Updates
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle.
Disclaimer
Revisions
Information published.