released June 13th, 2023
Issues Addressed in this release
- ActiveX Control Variable wizard will generate ActiveX properties as well as functions, restoring the functionality from Visual Studio 2015.
- As part of this update, to address CVE-2023-27909, CVE-2023-27910, and CVE-2023-27911, we are removing .fbx and .dae support. This is a third-party x86 component that is no longer supported by the author. Affected users should use the fbx editor.
Developer Community
- JSON Schemas don't work with localized Visual Studio
- JumpThreading Fix for JT value numbering invalidation
Security Advisories Addressed
- CVE-2023-24897 Visual Studio Remote Code Execution Vulnerability This security update addresses a vulnerability in the MSDIA SDK where corrupted PDBs can cause heap overflow, leading to a crash or remote code execution.
- CVE-2023-25652 Visual Studio Remote Code Execution Vulnerability This security update addresses a vulnerability where specially crafted input to git apply –reject can lead to controlled content writes at arbitrary locations.
- CVE-2023-25815 Visual Studio Spoofing Vulnerability This security update addresses a vulnerability where Github localization messages refer to a hard-coded path instead of respecting the runtime prefix that leads to out-of-bound memory writes and crashes.
- CVE-2023-29007 Visual Studio Remote Code Execution Vulnerability This security update addresses a vulnerability in which a configuration file containing a logic error results in arbitrary configuration injection.
- CVE-2023-29011 Visual Studio Remote Code Execution Vulnerability This security update addresses a vulnerability in which the Git for Windows executable responsible for implementing a SOCKS5 proxy is susceptible to picking up an untrusted configuration on multi-user machines.
- CVE-2023-29012 Visual Studio Remote Code Execution Vulnerability This security update addresses a vulnerability in which the Git for Windows Git CMD program incorrectly searches for a program upon startup, leading to silent arbitrary code execution.
- CVE-2023-27909 Visual Studio Remote Code Execution Vulnerability This security update addresses an Out-Of-Bounds Write Vulnerability in Autodesk® FBX® SDK where version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure.
- CVE-2023-27910 Visual Studio Information Disclosure Vulnerability This security update addresses a vulnerability where a user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to remote code execution.
- CVE-2023-27911 Visual Studio Remote Code Execution Vulnerability This security update addresses a vulnerability where a user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to remote code execution.
- CVE-2023-33139 Visual Studio Information Disclosure Vulnerability This security update addresses a OOB vulnerability where the obj file parser in Visual Studios leads to information disclosure.
Source:
Visual Studio 2019 version 16.11 Release Notes
Get the latest features, bug fixes, and support for Visual Studio 2019 v16.11. Download today.
learn.microsoft.com
