Security researchers have warned of an ‘easily exploitable’ flaw in the Microsoft Visual Studio installer that could be abused by malicious actors to impersonate legitimate publishers and distribute malicious extensions.
“Threat actors can masquerade as popular publishers and issue malicious extensions to compromise targeted systems,” said Varonis researcher Dolev Taler. “Malicious extensions are used to steal sensitive information, silently access and modify code, or gain complete control over a system.”
The vulnerability, tracked as CVE-2023-28299 (CVSS score: 5.5), was addressed by Microsoft as part of its April 2023 Patch Tuesday update and is described as an impersonation (spoofing) flaw.
The bug discovered by Varonis has to do with the Visual Studio user interface, which allows a publisher’s digital signature to be spoofed.
Specifically, it works by opening a Visual Studio extension (VSIX) package as a .ZIP file and manually adding newline characters to the “DisplayName” tag in the “extension.vsixmanifest” file.
The researchers found that by introducing enough newline characters into the vsixmanifest file and adding bogus “digital signature” text, the warning that the extension is not digitally signed can easily be suppressed, tricking the developer into installing the extension.
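The following is an added example of a defensive check for the manifest anomaly described above; it is not code from Varonis or Microsoft. It opens a .vsix package as a ZIP archive, reads extension.vsixmanifest, and flags a DisplayName that contains newline characters or signature-status wording, which a legitimate one-line extension name never needs. The manifest skeleton used for the constructed samples follows the VSIX 2.0 PackageManifest layout; the identifiers, publisher name and the regular expression for suspicious wording are assumptions for illustration.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

MANIFEST_NAME = "extension.vsixmanifest"
# Wording that has no business inside an extension's display name (assumed
# pattern): a lure of the kind described above relies on text that looks like
# a signature status line pushed into view by the preceding newlines.
SIGNATURE_WORDING = re.compile(r"digital(ly)?\s*sign|verified\s+publisher", re.IGNORECASE)


def _local_name(tag: str) -> str:
    """Strip the XML namespace so the check does not depend on the schema URI."""
    return tag.rsplit("}", 1)[-1]


def inspect_manifest(manifest_xml: bytes) -> list[str]:
    """Return a list of findings for one extension.vsixmanifest document.

    An empty list means every DisplayName looks like a normal one-line name.
    """
    findings = []
    root = ET.fromstring(manifest_xml)
    for element in root.iter():
        if _local_name(element.tag) != "DisplayName":
            continue
        text = element.text or ""
        newline_count = text.count("\n") + text.count("\r")
        if newline_count:
            findings.append(f"DisplayName contains {newline_count} newline character(s)")
        if SIGNATURE_WORDING.search(text):
            findings.append("DisplayName contains signature-status wording")
    return findings


def inspect_vsix(package: bytes) -> list[str]:
    """Open a .vsix (a ZIP archive) in memory and inspect its manifest."""
    with zipfile.ZipFile(io.BytesIO(package)) as archive:
        if MANIFEST_NAME not in archive.namelist():
            return [f"{MANIFEST_NAME} missing from package"]
        manifest_xml = archive.read(MANIFEST_NAME)
    return inspect_manifest(manifest_xml)


def build_sample_vsix(display_name: str) -> bytes:
    """Construct a minimal VSIX for testing (constructed sample, not a real extension)."""
    manifest = f"""<?xml version="1.0" encoding="utf-8"?>
<PackageManifest Version="2.0.0" xmlns="http://schemas.microsoft.com/developer/vsx-schema/2011">
  <Metadata>
    <Identity Id="Example.Extension.00000000-0000-0000-0000-000000000000" Version="1.0" Language="en-US" Publisher="Example Publisher" />
    <DisplayName>{escape(display_name)}</DisplayName>
    <Description>Constructed sample manifest.</Description>
  </Metadata>
</PackageManifest>
"""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr(MANIFEST_NAME, manifest.encode("utf-8"))
    return buffer.getvalue()


# Constructed samples: a normal name, and a lure-shaped name with a run of
# newlines followed by fake signature text, as the article describes.
BENIGN_PACKAGE = build_sample_vsix("Example Productivity Tools")
LURE_PACKAGE = build_sample_vsix(
    "Example Productivity Tools" + "\n" * 30 + "Digital Signature: Verified Publisher"
)

if __name__ == "__main__":
    for label, package in (("benign", BENIGN_PACKAGE), ("lure", LURE_PACKAGE)):
        print(label, inspect_vsix(package) or ["no findings"])
```

Run against real packages by passing the file bytes to `inspect_vsix`; the same check can be applied at an internal extension gallery or in a pipeline that stages extensions before they reach developer workstations. Installing the April 2023 update remains the fix; this scan only helps spot packages that were crafted for the pre-patch behaviour.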
In a hypothetical attack scenario, a malicious actor could send a phishing email containing a spoofed VSIX extension disguised as a legitimate software update and, once it is installed, gain a foothold on the target machine.
Unauthorized access could be used as a launch pad to gain deeper control over networks and facilitate theft of sensitive information.
“The low complexity and required permissions make this exploit easy to weaponize,” Taler said. “Threat actors may use this vulnerability to issue spoofed malicious extensions with the intent of compromising systems.”