BI solution, which includes Microsoft SQL Server 2012, Power BI for Office 365, Windows Server 2012 and SharePoint Server 2013. 

Now you can upgrade any .NET application to the latest version of .NET inside of Visual Studio! We are happy to introduce it as a Visual Studio extension and will upgrade your .NET Framework or .NET Core web- and desktop apps. In this video, Olia shows you how to get the extension and start to update your projects to the latest version of NET in minutes. 

These are the issues addressed in 15.9.14:

• Fixed a bug causing Visual Studio 2017 crashes when switching branches.
• Fixed a bug causing internal compiler error (fbtctree.cpp', line 5540) during code analysis.
• Fixed a performance regression in memcpy/memset for Ryzen processors.
• Updated Service Fabric tooling to support the 6.5 Service Fabric release.
• Enabled screen reader to announce TeamExplorer's notifications properly on .NET 4.8.
• VS2017 15.8 Internal compiler error ('msc1.cpp', line 1518): Conflict between preprocessor and #import.
• ICE in PREfast 19.16.27023.1 (15.9 RTW).

Security Advisory Notices

• Visual Studio Extension Auto Update Vulnerability
• Visual Studio WorkFlowMarkUpDeserializerRCE Vulernability
• ASP.NET Core Spoofing Vulnerability 

Fixed In This Release of Visual Studio 2019 version 16.5

• Team Explorer not loading after update to mandatory latest visual studio version for Visual studio 2019
• Find Highlighting Fails when Matching with Match Case Disabled and Regex Option Enabled

Security Advisory Notice

CVE-2020-1108 .NET Core Denial of Service Vulnerability

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Core application. The security update addresses the vulnerability by correcting how the .NET Core web application handles web requests.

CVE-2020-1161 .NET Core Denial of Service Vulnerability

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The security update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests. 

Security Advisory Notices

CVE-2019-1077 Visual Studio Extension Auto Update Vulnerability

An elevation of privilege vulnerability exists when the Visual Studio Extension auto-update process improperly performs certain file operations. An attacker who successfully exploited this vulnerability could delete files in arbitrary locations. To exploit this vulnerability, an attacker would require unprivileged access to a vulnerable system. The security update addresses the vulnerability by securing locations the Visual Studio Extension auto-update performs file operations in.

CVE-2019-1075 ASP.NET Core Spoofing Vulnerability

A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect. An attacker who successfully exploited the vulnerability could redirect a targeted user to a malicious website. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link.

The security update addresses the vulnerability by correcting how ASP.NET Core parses URLs. Details can be found in the .NET Core release notes.

CVE-2019-1113 WorkflowDesigner XOML deserialization allows code execution

A XOML file referencing certain types could cause random code to be executed when the XOML file is opened in Visual Studio. There is now a restriction on what types are allowed to be used in XOML files. If a XOML file containing one of the newly unauthorized types is opened, a message is displayed explaining that the type is unauthorized.

For further information, please refer to https://support.microsoft.com/en-us/help/4512190/remote-code-execution-vulnerability-if-types-are-specified-in-xoml.