CVE-2021-28473

7.8 HIGH

📋 TL;DR

This vulnerability in Visual Studio Code allows remote code execution when a user opens a maliciously crafted file or workspace. Attackers can exploit this to execute arbitrary code on the victim's system with the privileges of the current user. All users of Visual Studio Code are potentially affected.

💻 Affected Systems

Products:
  • Visual Studio Code
Versions: Versions prior to 1.56.0
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable. The vulnerability requires user interaction (opening a malicious file/workspace).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control over the victim's machine, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation leading to unauthorized access to sensitive files, credentials, or system resources on the compromised machine.

🟢 If Mitigated

Limited impact with proper network segmentation and user privilege restrictions, potentially containing the attack to a single workstation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (social engineering to open malicious content). No public exploit code was available at disclosure time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.56.0 and later

Vendor Advisory: https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-28473

Restart Required: Yes

Instructions:

1. Open Visual Studio Code.
2. Click Help > Check for Updates.
3. Install update to version 1.56.0 or later.
4. Restart Visual Studio Code after installation.

🔧 Temporary Workarounds

Disable automatic workspace trust

Platform: all

Configure VS Code to require explicit trust for all workspaces

Add "security.workspace.trust.enabled": true to settings.json (a value of false turns Workspace Trust off, so no workspace prompts for trust)

Restrict file opening

Platform: all

Only open files from trusted sources and avoid unknown workspaces

🧯 If You Can't Patch

  • Implement application whitelisting to restrict execution of unauthorized code
  • Run Visual Studio Code with minimal user privileges and in isolated environments

🔍 How to Verify

Check if Vulnerable:

Check the VS Code version under Help > About; a version earlier than 1.56.0 is vulnerable.

Check Version:

code --version

Verify Fix Applied:

Verify version is 1.56.0 or later in Help > About
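
The version check above as a script, for use across many workstations. This is an added example, not part of the vendor advisory; the function names are hypothetical, and it assumes the `code` launcher is on PATH and prints the version on the first line of `code --version`.

```shell
#!/bin/sh
# Added example: classify a VS Code version against the fixed release
# named on this page (1.56.0). Function names are illustrative.
FIXED="1.56.0"

# ver_lt A B -> succeeds when A is numerically lower than B.
# Fields are compared as integers, so 1.9.0 < 1.56.0 is handled correctly
# (a plain string comparison gets this wrong). A suffix such as "-insider"
# is ignored, i.e. a pre-release is treated like its release (assumption).
ver_lt() {
    a=${1%%-*}; b=${2%%-*}
    for i in 1 2 3; do
        x=$(printf '%s' "$a" | cut -d. -f"$i")
        y=$(printf '%s' "$b" | cut -d. -f"$i")
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1    # equal versions are not "lower"
}

# classify_version VERSION -> prints vulnerable, patched or unknown.
classify_version() {
    # Refuse anything that is not major.minor.patch[-suffix] instead of guessing.
    printf '%s\n' "$1" |
        grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+(-[A-Za-z0-9.]+)?$' ||
        { echo unknown; return 0; }
    if ver_lt "$1" "$FIXED"; then echo vulnerable; else echo patched; fi
}

# check_local -> reports the state of the installation found on PATH.
check_local() {
    command -v code >/dev/null 2>&1 || { echo "code not found on PATH"; return 2; }
    # Only the first line of `code --version` is the version number.
    v=$(code --version 2>/dev/null | head -n 1)
    echo "VS Code $v: $(classify_version "$v")"
}

check_local || true
```

An "unknown" result means the version string could not be parsed and the installation should be checked by hand.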

📡 Detection & Monitoring

Log Indicators:

  • Unusual process execution from VS Code context
  • Suspicious file access patterns from code.exe

Network Indicators:

  • Unexpected outbound connections from VS Code process

SIEM Query:

Process Creation where Parent Process Name contains "code.exe" and Command Line contains suspicious patterns
