KB5016315 Security Update for Visual Studio 2013

Microsoft released a new security update for Visual Studio 2013 Update 5 on 9th August. The update was released as part of the ‘Patch Tuesday’ project of Microsoft. This security update is a standalone security update. It addresses four ‘Remote Code Execution’ vulnerabilities that afect the Visual Studio 2013 Update 5. We look at the key aspects of VIsual Studio 2013 Update 5 security update below.

Salient points about KB5016315 for Visual Studio 2013 Update 5

  • KB5016315 is a standalone security update. For full security coverage, all the previous security updates must be installed on Visual Studio 2013 Update 5.
  • The update resolves four ‘Remote Code Execution’ vulnerabilities. All these vulnerabilities could lead to deployment of malicious code on the target machines.
  • You can patch Visual Studio through a hotfix or an MSU update file. The Hotfix can be downloaded from the Microsoft Downloads Center and the MSU update file is available for ready download from the Microsoft Update Catalog page. Details of the update process are listed below for your ready reference in the deployment section.
  • The size of the update file is 8.6 MB. If you follow the correct process of update, the server or computer will not need a reboot.

Prerequisites for installing KB5016315 for Visual Studio 2013 Update 5

There are no specific prerequisites for installing KB5016315 on a machine with Visual Studio 2013 Update 5. But, it is recommended that all the previous security updates must be installed for full security coverage on Visual Studio 2013 Update 5.

Visual Studio 2013 Update 5 was released on July 20,2015.

KB5016315 – Vulnerabilities affecting Visual Studio 2013 Update 5

Visual Studio 2013 Update 5 is affected with four ‘Remote Code Execution’ threats. Each of these vulnerabilities has a CVSS rating of 8.8 and has an ‘IMPORTANT’ severity for the affected infrastructure. We look at each of these vulnerabilities below:

  • CVE-2022-35777 – Visual Studio Remote Code Execution – This vulnerability has a CVSS score of 8.8, and carries ‘IMPORTANT’ severity level.
  • CVE-2022-35825 – Visual Studio Remote Code Execution – The vulnerability has a CVSS score of 8.8 and carries ‘IMPORTANT’ severity level.
  • CVE-2022-35826 – Visual Studio Remote Code Execution – The vulnerability has a CVSS score of 8.8 and carries ‘IMPORTANT’ severity level.
  • CVE-2022-35827 – Visual Studio Remote Code Execution – The vulnerability has a CVSS score of 8.8 and carries ‘IMPORTANT’ severity level.

These vulnerabilities require user interaction for being exploited.

Exploitation of the vulnerability requires that a user open a specially crafted file.

  • In an email attack scenario, an attacker could exploit the vulnerability by sending the specially crafted file to the user and convincing the user to open the file.
  • In a web-based attack scenario, an attacker could host a website (or leverage a compromised website that accepts or hosts user-provided content) containing a specially crafted file designed to exploit the vulnerability.

An attacker would have no way to force users to visit the website. Instead, an attacker would have to convince users to click a link, typically by way of an enticement in an email or instant message, and then convince them to open the specially crafted file.

It is therefore recommended that KB5016315 must be deployed on a priority basis.

How can I deploy KB5016315 for Visual Studio 2013 Update 5?

You can apply KB5016315 as a hotfix or as a downloadable Microsoft update file. We look at both the options below.

  • You can download the hotfix for KB5016315 for Visual Studio 2013 Update 5. The hotfix is in the form of an executable file. The size of the hotfix file is 8.8 MB. The hotfix for KB5016315 can be downloaded from this page.
  • You can also download the MSU update file for KB5016315 for Visual Studio 2013 Update 5 from the Microsoft Update Catalog site. The size of the MSU update is 8.6 MB. It can be downloaded from the Microsoft Update Catalog page for KB5016315.

Microsoft recommends closing Visual Studio at the time of upgrade. This will ensure that Visual Studio can be patched without the need of computer restart. Otherwise, if Visual Studio is open and in the middle of an upgrade, the computer may require a restart to apply the security update.

How can I validate if KB5016315 is successfully deployed on Visual Studio 2013 Update 5?

It is important to validate if the security update for Visual Studio 2013 Update 5 is successfully deployed. You can validate the successful application of KB5016315 through the method shared by Microsoft in the details below:

  1. Open the Visual Studio 2013 program folder.
  2. Locate the libfbxsdk.dll file in the Microsoft Visual Studio 12.0\Common7\IDE\Extensions\Microsoft\VsGraphics folder.
  3. Verify that the file version is equal to or greater than 2020.3.1.0.

If you elected to install the optional component (Windows 8.1 and Windows Phone 8.0/8.1 Tools), follow these additional steps:

  1. Locate the libfbxsdk.dll file in the Microsoft Visual Studio 11.0\Common7\IDE\Extensions\Microsoft\VsGraphics folder.
  2. Verify that the file version is equal to or greater than 2020.3.1.0.

If the version of the file version is 2020.3.1.0, we have successfully patched the security update KB5016315.

Summary

KB5016315 security update is a standalone update. To deploy it, you can download it as a hotfix or an MSU update file from the Microsoft Update Catalog site. It is recommended that the update should be made after closing the Visual Studio 2013 Update 5.

You may like to read more content related to Microsoft security updates below: