Zero-Day Advisory
Fortinet Discovers Microsoft Windows Diagnostics Hub/Visual Studio Standard Collector Elevation of Privilege Vulnerability
Summary
Fortinet's FortiGuard Labs has discovered an elevation of privilege vulnerability in the Diagnostics Hub Standard Collector and the Visual Studio Standard Collector.
The Diagnostics Hub Standard Collector is part of the Windows diagnostics tools; it collects and processes real-time ETW events. The Visual Studio Standard Collector is part of Visual Studio's diagnostics tools and is used to diagnose code running in Visual Studio.
The vulnerability in the Diagnostics Hub Standard Collector and the Visual Studio Standard Collector could allow file deletion in arbitrary locations on a Windows system. To exploit the vulnerability, an attacker would first have to log on to the system. The attacker could then run a specially crafted application that exploits the vulnerability and takes control of the affected system.
Solutions
Users should apply the solution provided by Microsoft.
Timeline
Fortinet reported the vulnerability to Microsoft on January 28, 2019.
Microsoft confirmed the vulnerability on January 30, 2019.
Microsoft released a patch for the vulnerability on May 14, 2019.