Anon Archived Microsoft Visual Studio C++ Runtime installers were built to fail (theregister.co.uk)
submitted ago by 2684605?
Posted by: 2684605?
Posting time: 2.3 years ago on
Last edit time: never edited.
Archived on: 11/21/2018 10:00:00 AM
Views: 23
SCP: 2
2 upvotes, 0 downvotes (100% upvoted it)
Anon Archived Microsoft Visual Studio C++ Runtime installers were built to fail (theregister.co.uk)
submitted ago by 2684605?
view the rest of the comments →
[–] derram ago
https://archive.fo/SoyaE :
'Security researcher Stefan Kanthak claims that the Microsoft Visual C++ Redistributable for Visual Studio 2017 executable installers (x86 and x64) were built with insecure tools from several years ago, creating a vulnerability that could allow privilege escalation. '
'He said, "Whatever Microsoft said: It's COMPLETE BULLSHIT, and a BLATANT LIE! CVE-2018-0952 fixes an UNRELATED vulnerability in Visual Studio. '
'THERE IS NO FIX FOR INSTALLERS BUILT WITH WIX TOOLSET!" [His capitals - Ed]Kanthak said he informed Mensching at FireGiant about this problem three years ago. ', "DLL hijacking allows malware that's next to an executable in a directory to be loaded when the executable runs."
'Kanthak said he disclosed the issue to Microsoft, as he has multiple times for related flaws over the past two decades. '
This has been an automated message.