Msrc Microsoft Visual Studio 2022 Version 17.6 vulnerabilities
88 known vulnerabilities affecting msrc/microsoft_visual_studio_2022_version_17.6.
Total CVEs: 88
CISA KEV: 2 (actively exploited)
Public exploits: 1
Exploited in wild: 2
Severity breakdown: CRITICAL 3, HIGH 70, MEDIUM 15
Vulnerabilities
Page 1 of 5
CVE-2025-21172 HIGH CVSS 7.5 2025-01-14
CVE-2025-21172 [HIGH] CWE-190 .NET and Visual Studio Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio.
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean fo
msrc
CVE-2025-21178 HIGH CVSS 8.8 2025-01-14
CVE-2025-21178 [HIGH] CWE-122 Visual Studio Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio.
Visual Studio: Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
msrc
CVE-2025-21176 HIGH CVSS 8.8 2025-01-14
CVE-2025-21176 [HIGH] CWE-126 .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of this vulnerability requires that an attacker convinces a user to open a maliciously crafted package file in Visual Studio.
.NET, .NET Framework, Visual Studio: .NET, .NET Framework, Vi
msrc
CVE-2025-21171 HIGH CVSS 7.5 2025-01-14
CVE-2025-21171 [HIGH] CWE-122 .NET Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack vector is network (AV:N) and the user interaction is required (UI:R). What is the target context of the remote code execution?
This attack requires a victim to perform a specific action, such as copying files or executing a command, and for an attacker with appropriate access to have pre-planted malicious files with knowledge of where they
msrc
CVE-2024-50338 HIGH CVSS 7.4 2025-01-14
CVE-2024-50338 [HIGH] CWE-20 GitHub: CVE-2024-50338 Malformed URL allows information disclosure through git-credential-manager
FAQ: Why is this GitHub CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Git for Windows software which is consumed by Microsoft Visual Studio. It is being documented in the Security Update Guide to announce that the latest builds of V
msrc
CVE-2025-21173 HIGH CVSS 7.3 2025-01-14
CVE-2025-21173 [HIGH] CWE-379 .NET Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of this vulner
msrc
CVE-2024-43498 CRITICAL CVSS 9.8 2024-11-12
CVE-2024-43498 [CRITICAL] CWE-843 .NET and Visual Studio Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
A remote unauthenticated attacker could exploit this vulnerability by sending specially crafted requests to a vulnerable .NET webapp or by loading a specially crafted file into a vulnerable desktop app.
.NET and Visual Studio: .NET and Visual Studio
Microsoft: Microsoft
Customer Action Re
msrc
CVE-2024-43499 HIGH CVSS 7.5 2024-11-12
CVE-2024-43499 [HIGH] CWE-409 .NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio: .NET and Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Remediation: Release Notes
Reference: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.6
Reference: https:/
msrc
CVE-2024-49044 MEDIUM CVSS 6.7 2024-11-12
CVE-2024-49044 [MEDIUM] CWE-284 Visual Studio Elevation of Privilege Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to gather information specific to the environment and take additional actions prior to exploitation to prepare the target environment.
FAQ: According to the CVSS metric, user inter
msrc
CVE-2024-43484 HIGH CVSS 7.5 2024-10-08
CVE-2024-43484 [HIGH] CWE-407 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
.NET, .NET Framework, Visual Studio: .NET, .NET Framework, Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Remediation: Release Notes
Reference: https://github.com/PowerShell/A
msrc
CVE-2024-43590 HIGH CVSS 7.8 2024-10-08
CVE-2024-43590 [HIGH] CWE-284 Visual C++ Redistributable Installer Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited the vulnerability?
An attacker who successfully exploited this vulnerability could create, modify, or delete files in the security context of the NT AUTHORITY\SYSTEM account.
Visual C++ Redistributable Installer: Visual C++ Redistributable I
msrc
CVE-2024-38229 HIGH CVSS 8.1 2024-10-08
CVE-2024-38229 [HIGH] CWE-416 .NET and Visual Studio Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
.NET and Visual Studio: .NET and Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Remote Code Execution
Exploit S
msrc
CVE-2024-43483 HIGH CVSS 7.5 2024-10-08
CVE-2024-43483 [HIGH] CWE-407 .NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
.NET, .NET Framework, Visual Studio: .NET, .NET Framework, Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Remediation: Release Notes
Reference: https://github.com/PowerShell/A
msrc
CVE-2024-43485 HIGH CVSS 7.5 2024-10-08
CVE-2024-43485 [HIGH] CWE-407 .NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio: .NET and Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Remediation: Release Notes
Reference: https://github.com/PowerShell/Announcements/issues/71
Reference: https://my.visualstudio.c
msrc
CVE-2024-43603 MEDIUM CVSS 5.5 2024-10-08
CVE-2024-43603 [MEDIUM] CWE-59 Visual Studio Collector Service Denial of Service Vulnerability
Visual Studio: Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Remediation: Release Notes
Reference: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.11
Reference: https
msrc
CVE-2024-38168 HIGH CVSS 7.5 2024-08-13
CVE-2024-38168 [HIGH] CWE-400 .NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio: .NET and Visual Studio
Microsoft: Microsoft
Customer Action Required: Yes
Impact: Denial of Service
Exploit Status: Publicly Disclosed: No; Exploited: No; Latest Software Release: Exploitation Less Likely
Reference: https://dotnet.microsoft.com/en-us/download/dotnet/8.0
Reference: https://support.microsoft.com/help/5042132
Remediat
msrc
CVE-2024-38167 MEDIUM CVSS 6.5 2024-08-13
CVE-2024-38167 [MEDIUM] CWE-319 .NET and Visual Studio Information Disclosure Vulnerability
FAQ: What type of information could be disclosed by this vulnerability?
An attacker who successfully exploited the vulnerability could read targeted email messages.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation of this vulnerability requires that a user trigger t
msrc
CVE-2024-38081 HIGH CVSS 7.3 2024-07-09
CVE-2024-38081 [HIGH] CWE-59 .NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
FAQ: What privileges could be gained by an attacker who successfully exploited this vulnerability?
An attacker who successfully exploited this vulnerability could gain SYSTEM privileges.
FAQ: According to the CVSS metric, user interaction is required (UI:R). What interaction would the user have to do?
Exploitation
msrc
CVE-2024-35272 HIGH CVSS 8.8 2024-07-09
CVE-2024-35272 [HIGH] CWE-122 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
FAQ: How could an attacker exploit this vulnerability?
An attacker could exploit the vulnerability by tricking an authenticated user (UI:R) into attempting to connect to a malicious SQL server database via a connection driver (for example: OLE DB or OLEDB as applicable). This could result in the database returning
msrc
CVE-2024-35264 HIGH CVSS 8.1 2024-07-09
CVE-2024-35264 [HIGH] CWE-416 .NET and Visual Studio Remote Code Execution Vulnerability
FAQ: According to the CVSS metric, the attack complexity is high (AC:H). What does that mean for this vulnerability?
Successful exploitation of this vulnerability requires an attacker to win a race condition.
FAQ: How could an attacker exploit this vulnerability?
An attacker could exploit this by closing an HTTP/3 stream while the request body is b
msrc