Missing Trust Validation in Visual Studio's VSIX Installer

Posted by Ostovary, Daniel on Aug 29

Hi,

we have recently discovered a vulnerability in the VSIX Installer of Visual Studio. More specifically, the
vulnerability existed in the validation of VSIX package signatures. This vulnerability allowed attackers

* to ‘revive’ expired code-signing certificates for VSIX package signatures and

* to maliciously modify timestamps when intercepting timestamp requests for VSIX package signatures.

For more details see…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Original Source

Tags: cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Missing Trust Validation in Visual Studio’s VSIX Installer

Original Source

8 Base Ransomware Victim: PWS – The Laundry Company

8 Base Ransomware Victim: APS – Automotive Parts Solutions

8 Base Ransomware Victim: YRW Limited – Chartered Accountants

8 Base Ransomware Victim: R[.]B[.] Woodcraft, Inc[.]

8 Base Ransomware Victim: LYON TERMINAL

Original Source

You may have missed

8 Base Ransomware Victim: PWS – The Laundry Company

8 Base Ransomware Victim: APS – Automotive Parts Solutions

8 Base Ransomware Victim: YRW Limited – Chartered Accountants

8 Base Ransomware Victim: R[.]B[.] Woodcraft, Inc[.]

8 Base Ransomware Victim: LYON TERMINAL