On October 17, 2019, Microsoft issued a security advisory regarding Visual Studio Code. An update is available for Visual Studio to close a security vulnerability CVE-2019-1414.
Advertising
There is an Elevation of Privilege vulnerability CVE-2019-1414n Visual Studio Code that Microsoft describes as follows:
There is an Elevation of Privilege vulnerability in Visual Studio code when developers run a debug listener for users of a local computer.
A local attacker who successfully exploited the vulnerability could inject arbitrary code that is executed in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs, view, modify, or delete data, or create new accounts with full user privileges.
To exploit this vulnerability, a local attacker would have to determine which port Visual Studio listens on for a particular user. However, Microsoft has responded by releasing an update. The Visual Studio Code update fixes the vulnerability by changing the way Visual Studio activates code debug ports. The download link is located on the Microsoft CVE page.
