Do not load kernels from untrusted locations

[DonJayamanne]

Code Execution Vulnerability

A code execution vulnerability exists in VS Code Jupyter 2022.9.100* and earlier versions.
An attacker can create arbitrarry kernels in the %PROGRAMDATA%/jupyter/kernels directory which ends up getting loaded by the Jupyter extension, and results in malicious proceses being launched within the context of the user.

Patches

The fix is available starting with Jupyter 2022.9.1100000000. The fix mitigates this attack by not loading kernlespecs from such untrusted locations.

Workarounds

It is advised that users create kernels in other directories as defined here which do not have such relaxed permission, or create a folder %PROGRAMDATA%\jupyter\kernels\ and configure it to be writable only by the current user.
Optionally, users could continue to use such kernels by updating the setting jupyter.kernels.trusted to include the path to such kernelspecs.

Updating the setting jupyter.kernels.trusted:

• Copy the fully qualified path to the kernelspec, e.g. C:\ProgramData\Jupyter\kernels\Python3\kernel.json
• Open the VS User Settings UI using the command Preferences: Open User Settings from the Command Palette.
• Search for the setting jupyter.kernels.trusted
• Add a new value into the list using the Add button
• Re-load VS Code

At any point it is possible to remove the above kernel from the setting there by disallowing this kernel to run in VS Code.

References

• The patch for this can be found at 91f4038
• An advisory for this can be found at GHSA-85v9-rqrx-73xx
• MSRC details for this can be found at https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-41083