RedPacket Security

InfoSec News & Tutorials

Vulnerabilities 

Missing Trust Validation in Visual Studio’s VSIX Installer

admin , , , , , , , , ,
Click the icon to Follow me:- twitterTelegramRedditDiscord

Posted by Ostovary, Daniel on Aug 29

Hi,

we have recently discovered a vulnerability in the VSIX Installer of Visual Studio. More specifically, the
vulnerability existed in the validation of VSIX package signatures. This vulnerability allowed attackers

* to ‘revive’ expired code-signing certificates for VSIX package signatures and

* to maliciously modify timestamps when intercepting timestamp requests for VSIX package signatures.

For more details see…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.

Patreon

Original Source

You May Also Like

osint

Microsoft fixes seven zero-days, including two PuzzleMaker targets, Google fixes serious Android flaw

admin
osint

A week in security (March 15 – 21)

admin
Kerberos

Rubeus – C# Toolset For Raw Kerberos Interaction And Abuses

admin