Visual Studio 2019 version 16.11.27 released

released June 13th, 2023

Issues Addressed in this release​

• ActiveX Control Variable wizard will generate ActiveX properties as well as functions, restoring the functionality from Visual Studio 2015.
• As part of this update, to address CVE-2023-27909, CVE-2023-27910, and CVE-2023-27911, we are removing .fbx and .dae support. This is a third-party x86 component that is no longer supported by the author. Affected users should use the fbx editor.

Developer Community​

• JSON Schemas don't work with localized Visual Studio
• JumpThreading Fix for JT value numbering invalidation

Security Advisories Addressed​

• CVE-2023-24897 Visual Studio Remote Code Execution Vulnerability This security update addresses a vulnerability in the MSDIA SDK where corrupted PDBs can cause heap overflow, leading to a crash or remote code execution.
• CVE-2023-25652 Visual Studio Remote Code Execution Vulnerability This security update addresses a vulnerability where specially crafted input to git apply –reject can lead to controlled content writes at arbitrary locations.
• CVE-2023-25815 Visual Studio Spoofing Vulnerability This security update addresses a vulnerability where Github localization messages refer to a hard-coded path instead of respecting the runtime prefix that leads to out-of-bound memory writes and crashes.
• CVE-2023-29007 Visual Studio Remote Code Execution Vulnerability This security update addresses a vulnerability in which a configuration file containing a logic error results in arbitrary configuration injection.
• CVE-2023-29011 Visual Studio Remote Code Execution Vulnerability This security update addresses a vulnerability in which the Git for Windows executable responsible for implementing a SOCKS5 proxy is susceptible to picking up an untrusted configuration on multi-user machines.
• CVE-2023-29012 Visual Studio Remote Code Execution Vulnerability This security update addresses a vulnerability in which the Git for Windows Git CMD program incorrectly searches for a program upon startup, leading to silent arbitrary code execution.
• CVE-2023-27909 Visual Studio Remote Code Execution Vulnerability This security update addresses an Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK where version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure.
• CVE-2023-27910 Visual Studio Information Disclosure Vulnerability This security update addresses a vulnerability where a user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to remote code execution.
• CVE-2023-27911 Visual Studio Remote Code Execution Vulnerability This security update addresses a vulnerability where a user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to remote code execution.
• CVE-2023-33139 Visual Studio Information Disclosure Vulnerability This security update addresses a OOB vulnerability where the obj file parser in Visual Studios leads to information disclosure.

Click to expand...

Visual Studio 2019 version 16.11 Release Notes

Get the latest features, bug fixes, and support for Visual Studio 2019 v16.11. Download today.

learn.microsoft.com