Top Issues Fixed in Visual Studio 2019 version 16.2.5
- Visual Studio stops respsonding on creating a new SSIS project
- Fixed UI freezes occurring after extended usage of the editor.
Security Advisory Notices
CVE-2019-1232 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Service properly impersonates file operations.
CVE-2019-1301: Denial of Service Vulnerability in .NET Core
A denial of service vulnerability exists when .NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core web application. The vulnerability can be exploited remotely, without authentication.
The update addresses the vulnerability by correcting how the .NET Core web application handles web requests.
- Fixed: Error running the selected code generator :" value -1 is outside the acceptable [0,2147483647] range. Parameter name :value"
- Fixed: VS2019 will randomly hang while unloading projects
- Fixed: vcpkgsrv freezes VS on opening new cpp files
- Fixed an issue that caused Visual Studio 2019 to stop responding on shut down.
- Added error handling to prevent a crash when displaying tool windows with Per-Monitor awareness enabled.
- Fixed: Android SDK not found after upgrade to 16.2
- Fixed: VS won't start after update with message tht setup is complete.
- Fixed an issue resulting in an installer verification or manifest verification fail when user is updating through the setup UI.
- Fixed an issue that caused Visual Studio to crash or stop responding during shutdown.
- Fixed a timing-related issue while saving changed Xamarin.Android project properties or building the project that resulted in the product to stop responding.
- Fixed an issue with Visual Studio crashing when C# users typed above a namespace.
- Fixed an issue preventing SSIS packages from successfully running in some circumstances after reloading a solution.
Top Issues Fixed in Visual Studio 2019 version 16.2.2
- Fixed Test Explorer doesn't show my tests on VS2019 16.2.0
- Fixed a problem where Visual Studio can stop responding during shutdown.
Security Advisory Notices
CVE-2019-1211 Git for Visual Studio Elevation of Privilege Vulnerability
An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who successfully exploited the vulnerability could execute code in the context of another local user. To exploit the vulnerability, an authenticated attacker would need to modify Git configuration files on a system prior to a full installation of the application. The attacker would then need to convince another user on the system to execute specific Git commands. The update addresses the issue by changing the permissions required to edit configuration files.
- Fixed an issue that caused Xamarin.Android projects using the Xamarin.Android.Arch.Work.Runtime NuGet package to fail with "class file for com.google.common.util.concurrent.ListenableFuture not found".
- Fixed Link assemblies causes app crashes if you have an EditText in VS2019 Preview 2
- Fixed error 'Some or all identity references could not be translated' when opening extension manager; fixed failure to persist some IDE settings.
- Fixed Parallel Stacks shows nonsense number of threads
- Fixed After repair, build cmake folder fails with D8050, compile using tasks.vs.json fails with "cl" is not recognized
- Fixed No longer able to group by trait in Test Explorer with VS 2019 Preview
- Fixed Some c++ code analysis warnings are not localized
- Fixed Service Fabric Project not loading
- Now correctly reports $(MSBuildVersion) as 16.2.x, instead of the erroneous 16.200.19.
- Fixed issue causing a random crash after closing GoToAll/Symbol UI.
- Fixed crash during Visual Studio sign-in.
- Fixed an issue where forms previewer on Android frequently stops responding and needs a restart.
- Added iOS Designer Xcode 10.3 support.
Security Advisory Notices
CVE-2019-1077 Visual Studio Extension Auto Update Vulnerability
An elevation of privilege vulnerability exists when the Visual Studio Extension auto-update process improperly performs certain file operations. An attacker who successfully exploited this vulnerability could delete files in arbitrary locations. To exploit this vulnerability, an attacker would require unprivileged access to a vulnerable system. The security update addresses the vulnerability by securing locations the Visual Studio Extension auto-update performs file operations in.
CVE-2019-1075 ASP.NET Core Spoofing Vulnerability
A spoofing vulnerability exists in ASP.NET Core that could lead to an open redirect. An attacker who successfully exploited the vulnerability could redirect a targeted user to a malicious website. To exploit the vulnerability, an attacker could send a link that has a specially crafted URL and convince the user to click the link.
The security update addresses the vulnerability by correcting how ASP.NET Core parses URLs. Details can be found in the .NET Core release notes.
CVE-2019-1113 WorkflowDesigner XOML deserialization allows code execution
A XOML file referencing certain types could cause random code to be executed when the XOML file is opened in Visual Studio. There is now a restriction on what types are allowed to be used in XOML files. If a XOML file containing one of the newly unauthorized types is opened, a message is displayed explaining that the type is unauthorized.
For further information, please refer to https://support.microsoft.com/en-us/help/4512190/remote-code-execution-vulnerability-if-types-are-specified-in-xoml.