Missing Trust Validation in Visual Studio’s VSIX Installer

August 29, 2020 admin cyber, exploit, full disclosure, OSINT, seclist, Security, threatintel, vulnerabilities, vulnerability, vulns

Click the icon to Follow me:-

Posted by Ostovary, Daniel on Aug 29

AMD Ryzen 5 3600 6-Core, 12-Thread Unlocked Desktop Processor with Wraith Stealth Cooler $199.99

The world's most advanced processor in the desktop PC gaming segment Can deliver ultra-fast 100+ FPS performance in the world's most popular games 6 cores and 12 processing threads bundled with the quiet AMD wraith stealth cooler max temps 95°C 4 2 G... read more

(as of January 21, 2021 - )

AMD Ryzen 7 3700X 8-Core, 16-Thread Unlocked Desktop Processor with Wraith Prism LED Cooler $324.99

The world's most advanced processor in the desktop PC gaming segment Can deliver ultra-fast 100+ FPS performance in the world's most popular games 8 cores and 16 processing threads, bundled with the AMD Wraith Prism cooler with color controlled LED s... read more

(as of January 21, 2021 - )

AMD Ryzen 9 3900X 12-core, 24-thread unlocked desktop processor with Wraith Prism LED Cooler $499.00

The world's most advanced processor in the desktop PC gaming segment Can deliver ultra-fast 100+ FPS performance in the world's most popular games 12 cores and 24 processing threads, bundled with the AMD Wraith Prism cooler with color controlled LED ... read more

(as of January 21, 2021 - )

Hi,

we have recently discovered a vulnerability in the VSIX Installer of Visual Studio. More specifically, the
vulnerability existed in the validation of VSIX package signatures. This vulnerability allowed attackers

* to ‘revive’ expired code-signing certificates for VSIX package signatures and

* to maliciously modify timestamps when intercepting timestamp requests for VSIX package signatures.

For more details see…

If you like the site, please consider joining the telegram channel or supporting us on Patreon using the button below.