KB5016314 Security Update for Visual Studio 2012

KB5016314 is the latest security update for Visual Studio 2012 Update 5. Microsoft released this security update on 9th August 2022 as part of its ‘Patch Tuesday’ release. We cover the key aspects of KB5016314 for Visual Studio 2012 Update 5 below.

Salient points about KB5016314 for Visual Studio 2012 Update 5

  • KB5016314 is a standalone, security-only update. All previous security updates for Visual Studio 2012 Update 5 should already be installed before deploying KB5016314.
  • KB5016314 resolves four vulnerabilities that were disclosed as part of Microsoft's August security bulletin.
  • All 4 vulnerabilities addressed in KB5016314 are ‘Remote Code Execution’ vulnerabilities. They carry the ‘Important’ severity level for the associated infrastructure.
  • The MSU update file for KB5016314 is only 4.8 MB in size. Microsoft has made the update file for Visual Studio available as part of the KB5016314 security update. More information about deploying KB5016314 on a Visual Studio machine is given below.

Prerequisites for installing KB5016314 on Visual Studio 2012 Update 5

The security update KB5016314 is intended for Visual Studio 2012 Update 5. Update 5 for Visual Studio 2012 was released in October 2015. Visual Studio 2012 Update 5 can be downloaded from the Visual Studio 2012 page on the Microsoft website.

If you have Visual Studio 2012 Update 5 working properly, you can proceed with the deployment of KB5016314 to resolve the four vulnerabilities.

Vulnerabilities affecting Visual Studio 2012 Update 5

KB5016314 resolves four ‘Remote Code Execution’ vulnerabilities that affect Visual Studio 2012 Update 5. These vulnerabilities are listed below for ready reference. All of them require user interaction: the remote attacker would have to induce a user to click a malicious link in order to expose the user to a malicious payload.

  • CVE-2022-35777 – Visual Studio Remote Code Execution – The vulnerability has a CVSS score of 8.8 and carries ‘IMPORTANT’ severity level.
  • CVE-2022-35825 – Visual Studio Remote Code Execution – The vulnerability has a CVSS score of 8.8 and carries ‘IMPORTANT’ severity level.
  • CVE-2022-35826 – Visual Studio Remote Code Execution – The vulnerability has a CVSS score of 8.8 and carries ‘IMPORTANT’ severity level.
  • CVE-2022-35827 – Visual Studio Remote Code Execution – The vulnerability has a CVSS score of 8.8 and carries ‘IMPORTANT’ severity level.

As you can see, all four vulnerabilities have a CVSS rating of 8.8. These vulnerabilities are yet to be exploited. Each one requires user interaction before it can be used to deploy a malicious payload on the target machine.

Exploitation of the vulnerability requires that a user open a specially crafted file.

  • In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
  • In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.

An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

We suggest deploying KB5016314 on a priority basis.

How can I deploy KB5016314 on Visual Studio 2012 Update 5?

The security update KB5016314 for Visual Studio 2012 Update 5 can be downloaded from the Microsoft website. The following two options are available to download KB5016314:

  • You can download the hotfix for KB5016314 from the Microsoft website link. The KB5016314 hotfix is an executable file that has a size of 4.8 MB. Before you apply the hotfix for KB5016314, it is suggested that you close Visual Studio 2012 Update 5. Otherwise, you may have to restart the system for the hotfix to take effect.
  • You can also download the KB5016314 security update for Microsoft Visual Studio 2012 Update 5 from the Microsoft Update Catalog website. The MSU update file for KB5016314 can be downloaded from the Microsoft Update Catalog page for KB5016314. The size of the update file is 4.8 MB. Before deploying it on the Visual Studio machine, it is important that you close Visual Studio 2012 Update 5. This will ensure that you do not have to restart the system for the security update to take effect.

How do I validate if KB5016314 is successfully installed on Visual Studio 2012 Update 5?

Once you have installed the security update on Visual Studio 2012 Update 5, it is important to validate that the security update was installed cleanly and completely. The following steps help you validate that the hotfix or update file has been applied to the Visual Studio 2012 Update 5 release:

  1. Open the Visual Studio 2012 program folder.
  2. Locate the libfbxsdk.dll file in the Microsoft Visual Studio 11.0\Common7\IDE\Extensions\Microsoft\VsGraphics folder.
  3. Verify that the file version is equal to or greater than 2020.3.1.0.

If the file version is equal to or greater than 2020.3.1.0, no further action is required because Visual Studio 2012 Update 5 has been successfully patched with KB5016314.
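The three validation steps above can be scripted for one machine or run across a fleet. The following PowerShell is an added example, not code from Microsoft or the original article; the function name Test-VsFbxSdkVersion and the default Program Files install root are assumptions, while the relative path and the 2020.3.1.0 threshold come from the steps above.

```powershell
# Added example. Test-VsFbxSdkVersion is a hypothetical helper name.
function Test-VsFbxSdkVersion {
    param(
        # Assumption: default install root is used unless -VsRoot is supplied.
        [string]$VsRoot,
        # Minimum patched file version, taken from the validation steps.
        [version]$MinimumVersion = '2020.3.1.0'
    )

    if (-not $VsRoot) {
        # 64-bit Windows exposes ProgramFiles(x86); 32-bit Windows only has ProgramFiles.
        $programFiles = if (${env:ProgramFiles(x86)}) { ${env:ProgramFiles(x86)} } else { $env:ProgramFiles }
        $VsRoot = Join-Path $programFiles 'Microsoft Visual Studio 11.0'
    }
    $dll = Join-Path $VsRoot 'Common7\IDE\Extensions\Microsoft\VsGraphics\libfbxsdk.dll'

    if (-not (Test-Path -LiteralPath $dll -PathType Leaf)) {
        # Report a missing file as its own state rather than as patched or unpatched.
        return [pscustomobject]@{
            Computer    = $env:COMPUTERNAME
            Path        = $dll
            FileVersion = $null
            Status      = 'FileNotFound'
        }
    }

    $info = (Get-Item -LiteralPath $dll).VersionInfo
    # Build the version from its numeric parts: the FileVersion string may contain
    # commas or trailing text that does not parse as [version].
    $actual = [version]('{0}.{1}.{2}.{3}' -f $info.FileMajorPart, $info.FileMinorPart,
                                              $info.FileBuildPart, $info.FilePrivatePart)

    # [version] compares numerically, part by part, so 2020.10.0.0 ranks above 2020.3.1.0.
    $status = if ($actual -ge $MinimumVersion) { 'Patched' } else { 'Unpatched' }

    [pscustomobject]@{
        Computer    = $env:COMPUTERNAME
        Path        = $dll
        FileVersion = $actual
        Status      = $status
    }
}

# Check the local machine using the default install location.
Test-VsFbxSdkVersion
```

A 'FileNotFound' result only means the DLL was not at the expected path, so check for a custom install location with -VsRoot before recording the machine as compliant.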

Summary

KB5016314 is the security update for Visual Studio 2012 Update 5. The 4.8 MB update file can be applied as a hotfix or through the Microsoft Update Catalog. The update contains a fix for CVSS 8.8 rated vulnerabilities that carry the ‘Remote Code Execution’ threat for the Visual Studio machine. Please validate that the patch has been successfully deployed on the machine running Visual Studio 2012 Update 5.
