Visual Studio Microsoft Visual Studio Developer IDE

Do you want an email whenever new security vulnerabilities are reported in Microsoft Visual Studio?

Recent Microsoft Visual Studio Security Advisories

Advisory Title Published
CVE-2021-42319 Visual Studio Elevation of Privilege Vulnerability November 9, 2021
CVE-2021-42322 Visual Studio Code Elevation of Privilege Vulnerability November 9, 2021
CVE-2021-41355 .NET Core and Visual Studio Information Disclosure Vulnerability October 12, 2021
CVE-2021-36952 Visual Studio Remote Code Execution Vulnerability September 14, 2021
CVE-2021-26434 Visual Studio Elevation of Privilege Vulnerability September 14, 2021
CVE-2021-26437 Visual Studio Code Spoofing Vulnerability September 14, 2021
CVE-2021-34485 .NET Core and Visual Studio Information Disclosure Vulnerability August 10, 2021
CVE-2021-34532 ASP.NET Core and Visual Studio Information Disclosure Vulnerability August 10, 2021
CVE-2021-26423 .NET Core and Visual Studio Denial of Service Vulnerability August 10, 2021
CVE-2021-34528 Visual Studio Code Remote Code Execution Vulnerability July 13, 2021

@VisualStudio Tweets

Now that you've made the switch to Visual Studio 2022, you're probably wondering where to find your favorite extens… https://t.co/GUDEPckYku
Wed Nov 24 20:00:02 +0000 2021

Hop in the passenger's seat and take Visual Studio 2022 for a spin with @shanselman and the Visual Studio product t… https://t.co/xteOclDOes
Wed Nov 24 18:00:02 +0000 2021

Learn how to deploy Flask apps to Microsoft Azure using multiple databases on this episode of Visual Studio Toolbox… https://t.co/oGy6JIqOXe
Wed Nov 24 00:00:02 +0000 2021

Need more control over your code? Sign up for the Git and Open Source Learning Series to learn about source control… https://t.co/EWhUqTfAgq
Tue Nov 23 21:00:02 +0000 2021

By the Year

In 2021 there have been 6 vulnerabilities in Microsoft Visual Studio with an average score of 7.8 out of ten. Last year Visual Studio had 10 security vulnerabilities published. Right now, Visual Studio is on track to have less security vulnerabilities in 2021 than it did last year. Interestingly, the average vulnerability score and the number of vulnerabilities for 2021 and last year was the same.

Year Vulnerabilities Average Score
2021 6 7.80
2020 10 7.80
2019 4 6.90
2018 3 6.63

It may take a day or so for new Visual Studio vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Microsoft Visual Studio Security Vulnerabilities

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

CVE-2021-42277 7.8 - High - November 10, 2021

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

Improper Privilege Management

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

CVE-2021-28313 7.8 - High - April 13, 2021

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28321, CVE-2021-28322.

Improper Privilege Management

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

CVE-2021-28322 7.8 - High - April 13, 2021

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28321.

Improper Privilege Management

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

CVE-2021-28321 7.8 - High - April 13, 2021

Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-28313, CVE-2021-28322.

Improper Privilege Management

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

CVE-2021-1680 7.8 - High - January 12, 2021

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1651.

Improper Privilege Management

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

CVE-2021-1651 7.8 - High - January 12, 2021

Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability This CVE ID is unique from CVE-2021-1680.

Improper Privilege Management

A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory

CVE-2020-16874 7.8 - High - September 11, 2020

A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka 'Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16856.

Code Injection

A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory

CVE-2020-16856 7.8 - High - September 11, 2020

A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory, aka 'Visual Studio Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2020-16874.

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations

CVE-2020-1130 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1133.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations

CVE-2020-1133 7.8 - High - September 11, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1130.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input

CVE-2020-1393 7.8 - High - July 14, 2020

An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior, aka 'Windows Diagnostics Hub Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1418.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations

CVE-2020-1278 7.8 - High - June 09, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1293.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations

CVE-2020-1293 7.8 - High - June 09, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1257, CVE-2020-1278.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations

CVE-2020-1257 7.8 - High - June 09, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations, aka 'Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1278, CVE-2020-1293.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory

CVE-2020-1203 7.8 - High - June 09, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1202.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory

CVE-2020-1202 7.8 - High - June 09, 2020

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fail to properly handle objects in memory, aka 'Diagnostic Hub Standard Collector Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2020-1203.

Improper Privilege Management

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations

CVE-2019-1232 7.8 - High - September 11, 2019

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka 'Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability'.

An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files

CVE-2019-1079 6.5 - Medium - July 15, 2019

An information disclosure vulnerability exists when Visual Studio improperly parses XML input in certain settings files, aka 'Visual Studio Information Disclosure Vulnerability'.

Improper Input Validation

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector

CVE-2019-0727 7.8 - High - May 16, 2019

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file deletion in arbitrary locations.To exploit the vulnerability, an attacker would first have to log on to the system, aka 'Diagnostic Hub Standard Collector, Visual Studio Standard Collector Elevation of Privilege Vulnerability'.

An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file

CVE-2019-0537 5.5 - Medium - January 08, 2019

An information disclosure vulnerability exists when Visual Studio improperly discloses arbitrary file contents if the victim opens a malicious .vscontent file, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations

CVE-2018-8599 7.8 - High - December 12, 2018

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations, aka "Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability." This affects Microsoft Visual Studio, Windows Server 2019, Windows Server 2016, Windows 10, Windows 10 Servers.

Improper Check for Dropped Privileges

A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project

CVE-2018-8172 7.8 - High - July 11, 2018

A remote code execution vulnerability exists in Visual Studio software when the software does not check the source markup of a file for an unbuilt project, aka "Visual Studio Remote Code Execution Vulnerability." This affects Microsoft Visual Studio, Expression Blend 4.

An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files

CVE-2018-1037 4.3 - Medium - April 12, 2018

An information disclosure vulnerability exists when Visual Studio improperly discloses limited contents of uninitialized memory while compiling program database (PDB) files, aka "Microsoft Visual Studio Information Disclosure Vulnerability." This affects Microsoft Visual Studio.

Use of Uninitialized Resource

The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet

CVE-2000-0162 - February 18, 2000

The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Microsoft Internet Explorer (IE) or by Microsoft? Click the Watch button to subscribe.

Microsoft
Vendor

subscribe