Microsoft Visual Studio C++ Runtime installers were built to fail • The Register
'Security researcher Stefan Kanthak claims that the Microsoft Visual C++ Redistributable for Visual Studio 2017 executable installers (x86 and x64) were built with insecure tools from several years ago, creating a vulnerability that could allow privilege escalation. '
'He said, "Whatever Microsoft said: It's COMPLETE BULLSHIT, and a BLATANT LIE! CVE-2018-0952 fixes an UNRELATED vulnerability in Visual Studio. '
'THERE IS NO FIX FOR INSTALLERS BUILT WITH WIX TOOLSET!" [His capitals - Ed]Kanthak said he informed Mensching at FireGiant about this problem three years ago. ', "DLL hijacking allows malware that's next to an executable in a directory to be loaded when the executable runs."
'Kanthak said he disclosed the issue to Microsoft, as he has multiple times for related flaws over the past two decades. '
[–] derram ago
https://archive.fo/SoyaE :
'Security researcher Stefan Kanthak claims that the Microsoft Visual C++ Redistributable for Visual Studio 2017 executable installers (x86 and x64) were built with insecure tools from several years ago, creating a vulnerability that could allow privilege escalation. '
'He said, "Whatever Microsoft said: It's COMPLETE BULLSHIT, and a BLATANT LIE! CVE-2018-0952 fixes an UNRELATED vulnerability in Visual Studio. '
'THERE IS NO FIX FOR INSTALLERS BUILT WITH WIX TOOLSET!" [His capitals - Ed]Kanthak said he informed Mensching at FireGiant about this problem three years ago. ', "DLL hijacking allows malware that's next to an executable in a directory to be loaded when the executable runs."
'Kanthak said he disclosed the issue to Microsoft, as he has multiple times for related flaws over the past two decades. '
This has been an automated message.