Privilege Escalation Vulnerability in Visual Studio Code < 1.71.1 (CVE-2022-38020)
Visual Studio Code versions prior to 1.71.1 contain a privilege‑escalation flaw where a low‑privileged Windows attacker can place a malicious bash.exe in a special directory, causing the editor to load and execute the file, and the issue is fixed by upgrading to version 1.71.1 or later.
Visual Studio Code is a source‑code editor.
Versions up to 1.71.0 have a privilege‑escalation vulnerability: the editor automatically loads a bash.exe file that another user of a shared Windows machine can place in a special directory.
On Windows, a low‑privileged attacker can create or overwrite bash.exe in that location; the malicious file appears in the terminal configuration list and may be executed, leading to unintended privilege escalation.
Vulnerability Name: Visual Studio Code < 1.71.1 Privilege Escalation
Vulnerability Type: Improper Privilege Management
Discovery Date: 2022-09-14
Impact Scope: Wide
MPS ID: MPS-2022-53948
CVE ID: CVE-2022-38020
CNVD ID: -
Affected Range: Visual Studio Code versions from 0 up to but not including 1.71.1.
Remediation: Upgrade Visual Studio Code to version 1.71.1 or a later release.
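To apply the affected range above across a fleet, the following added example (not part of the original advisory or of Visual Studio Code) triages `code --version` output collected from Windows hosts against the first fixed release, 1.71.1. The host names, the sample output and the collection step are assumptions; builds with a pre-release suffix are reported as unknown for manual review.

```python
import re

FIXED = (1, 71, 1)  # first fixed release, per the advisory

# Plain release versions only; "-insider" style suffixes do not match
# and are triaged as "unknown" (assumption: conservative handling).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)$")


def parse_code_version(output):
    """Return (major, minor, patch) from `code --version` output, or None.

    The first line of the output is the version; the following lines
    (commit, architecture) are ignored.
    """
    lines = output.strip().splitlines()
    if not lines:
        return None
    match = _VERSION_RE.match(lines[0].strip())
    return tuple(int(part) for part in match.groups()) if match else None


def triage(inventory):
    """Map each host to 'affected', 'fixed' or 'unknown'."""
    result = {}
    for host, output in inventory.items():
        version = parse_code_version(output)
        if version is None:
            result[host] = "unknown"
        elif version < FIXED:  # numeric tuple compare, not string compare
            result[host] = "affected"
        else:
            result[host] = "fixed"
    return result


# Constructed sample inventory (hosts and commit ids are placeholders).
SAMPLE = {
    "ws-01": "1.70.2\n<commit-placeholder>\nx64\n",
    "ws-02": "1.71.1\n<commit-placeholder>\nx64\n",
    "ws-03": "1.9.0\n<commit-placeholder>\nia32\n",   # "1.9.0" > "1.71.1" as strings
    "ws-04": "1.72.0-insider\n<commit-placeholder>\nx64\n",
    "ws-05": "",                                      # collection failed
}

if __name__ == "__main__":
    for host, status in sorted(triage(SAMPLE).items()):
        print(f"{host}: {status}")
```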