Improper Link Resolution Before File Access ('Link Following') (CWE-59)
A Visual Studio Elevation of Privilege Vulnerability has been identified. This vulnerability is related to improper link resolution before file access, also known as 'link following'. It affects multiple versions of Visual Studio, including Visual Studio 2022, 2019, 2017, and 2015 Update 3.
This vulnerability allows an attacker with local access and low privileges to potentially gain elevated privileges on the affected system. The attacker could exploit this to achieve high impacts on confidentiality, integrity, and availability of the system. Potential attack scenarios include symlink attacks, using malicious files, leveraging executable code in non-executable files, manipulating web input to file system calls, shortcut modification, and exploiting services file permissions weaknesses.
One proof-of-concept exploit is available on github.com. Its exploitation has been reported by various sources, including securityonline.info.
Patches are available. Microsoft has released updates to address this vulnerability. The patches were first added on January 9, 2024.
To mitigate this vulnerability, it is strongly recommended to apply the latest security updates provided by Microsoft for the affected Visual Studio versions. Specifically: 1. For Visual Studio 2022, update to version 17.6.11 or later, 17.4.15 or later, or 17.2.23 or later. 2. For Visual Studio 2019, update to version 16.11.33 or later. 3. For Visual Studio 2017, update to version 15.9.59 or later. 4. For Visual Studio 2015, ensure Update 3 is installed and any subsequent security updates are applied. Additionally, implement the principle of least privilege, restricting local access and user permissions where possible to reduce the risk of exploitation.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
NVD published the first details for CVE-2024-20656
Feedly found the first article mentioning CVE-2024-20656. See article
Feedly estimated the CVSS score as MEDIUM
The vulnerability CVE-2024-20656 is a local privilege escalation in the VSStandardCollectorService150 service. It is critical with a CVSS score of [score]. It is currently being exploited in the wild by [who]. There are no proof-of-concept exploits available, and no mitigations, detections, or patches have been released. There are no known downstream impacts to other third-party vendors or technology. See article
This CVE started to trend in security discussions
Attacks in the wild have been reported by Vulnerability Archives • Penetration Testing. See article
EPSS Score was set to: 0.15% (Percentile: 50.6%)