Advertisement
Top
image credit: Adobe Stock

Calls for Visual Studio security tweak fall on deaf ears despite one-click RCE exploit

October 13, 2023

Via: The Register
Category:

Perceived weaknesses in the security of Microsoft’s Visual Studio IDE are being raised once again this week with a fresh single-click exploit.

Developed by Zhiniang Peng, principal security researcher and chief architect of security at Sangfor, the proof of concept (PoC) exploits the default implementation of the IDE’s “trusted locations” feature.

Following the 2021 targeting of security researchers by North Korea’s state-sponsored offensive cyber group Lazarus, Microsoft rolled out trusted locations to prevent malicious Visual Studio projects being used to achieve remote code execution (RCE).

Read More on The Register

RELATED PUBLICATIONS

Microsoft Warns: North Korean Hackers Turn to AI-Fueled Cyber Espionage
Microsoft fixed two zero-day bugs exploited in malware attacks
Microsoft confirms memory leak in March Windows Server security update

Latest Publications

Kaiser Permanente Discloses Data Breach Impacting 13.4 Million People
The Los Angeles County Department of Health Services disclosed a data breach
Sweden’s liquor supply severely impacted by ransomware attack on logistics company
Security Curated Copyright © 2024. All rights reserved
Go to ITCurated!