Microsoft heeft een vierde update voor versie 16.6.0 van Visual Studio 2019 uitgebracht. Deze populaire programmeerontwikkelomgeving beschikt over handige opties om het programmeren in onder andere Visual C++, Visual Basic, C#, F#, Python en R gemakkelijker te maken. De complete lijst met de veranderingen in de 2019-uitgave kun je nalezen in de bijbehorende releasenotes. Hieronder is te vinden welke verbeteringen Microsoft heeft doorgevoerd in deze versie:
Security Advisory Notice for 16.6.4Top Issues Fixed in Visual Studio 2019 version 16.6.4
- CVE-2020-1393 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior.- CVE-2020-1416 Visual Studio Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Visual Studio when it loads software dependencies.- CVE-CVE-2020-1147 .NET Core Denial of Service Vulnerability
A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an ASP.NET Core application, or other application that parses certain types of XML. The security update addresses the vulnerability by restricting the types that are allowed to be present in the XML payload.