released June 13th, 2023
Summary of What's New in this Release of Visual Studio 2022 version 17.6.3
- A regression was introduced into the Razor compiler that broke certain tag helpers with explicit partial classes. Until this bug is fixed, customers can work around it by pinning back to the 7.0.203 SDK.
Security Advisories Addressed
- CVE-2023-24897 Visual Studio Remote Code Execution Vulnerability This security update addresses a vulnerability in the MSDIA SDK where corrupted PDBs can cause heap overflow, leading to a crash or remote code execution.
- CVE-2023-25652 Visual Studio Remote Code Execution Vulnerability This security update addresses a vulnerability where specially crafted input to git apply --reject can lead to controlled content writes at arbitrary locations.
- CVE-2023-25815 Visual Studio Spoofing Vulnerability This security update addresses a vulnerability where GitHub localization messages refer to a hard-coded path instead of respecting the runtime prefix, which leads to out-of-bounds memory writes and crashes.
- CVE-2023-29007 Visual Studio Remote Code Execution Vulnerability This security update addresses a vulnerability in which a configuration file containing a logic error results in arbitrary configuration injection.
- CVE-2023-29011 Visual Studio Remote Code Execution Vulnerability This security update addresses a vulnerability in which the Git for Windows executable responsible for implementing a SOCKS5 proxy is susceptible to picking up an untrusted configuration on multi-user machines.
- CVE-2023-29012 Visual Studio Remote Code Execution Vulnerability This security update addresses a vulnerability in which the Git for Windows Git CMD program incorrectly searches for a program upon startup, leading to silent arbitrary code execution.
- CVE-2023-27909 Visual Studio Remote Code Execution Vulnerability This security update addresses an out-of-bounds write vulnerability in Autodesk® FBX® SDK where version 2020 or prior may lead to code execution through maliciously crafted FBX files or information disclosure.
- CVE-2023-27910 Visual Studio Information Disclosure Vulnerability This security update addresses a vulnerability where a user may be tricked into opening a malicious FBX file that may exploit a stack buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to remote code execution.
- CVE-2023-27911 Visual Studio Remote Code Execution Vulnerability This security update addresses a vulnerability where a user may be tricked into opening a malicious FBX file that may exploit a heap buffer overflow vulnerability in Autodesk® FBX® SDK 2020 or prior which may lead to remote code execution.
- CVE-2023-33139 Visual Studio Information Disclosure Vulnerability This security update addresses an OOB vulnerability where the obj file parser in Visual Studio leads to information disclosure.
- CVE-2023-29331 .NET and Visual Studio Denial of Service Vulnerability This security update addresses a vulnerability where the AIA fetching process for client certificates can lead to denial of service.
- CVE-2023-24895 .NET and Visual Studio Remote Code Execution Vulnerability This security update addresses a vulnerability in the WPF XAML parser where an unsandboxed parser can lead to remote code execution.
- CVE-2023-24936 .NET and Visual Studio Elevation of Privilege Vulnerability This security update addresses a vulnerability in which restrictions can be bypassed when deserializing a DataSet or DataTable from XML, leading to an elevation of privilege.
- CVE-2023-32032 .NET Elevation of Privilege Vulnerability A vulnerability exists in .NET when extracting the contents of a Tar file which may result in elevation of privileges.
- CVE-2023-33126 .NET Remote Code Execution Vulnerability A vulnerability exists in .NET during crash and stack trace scenarios that could lead to loading arbitrary bin
- CVE-2023-33128 .NET Remote Code Execution Vulnerability A vulnerability exists in .NET source generator for P/Invokes that can lead to generated code freeing uninitialized memory and crashing.
- CVE-2023-33135 .NET Remote Code Execution Vulnerability A vulnerability exists in the .NET SDK during tool restore which can lead to an elevation of privilege.
Source: https://learn.microsoft.com/en-us/vi...e-notes#17.6.3