Visual Studio 2022 version 17 Security Update 17.0.13

Visual Studio 2022 version 17 has received a new update. The latest update was released on 9th August as part of the ‘Patch Tuesday’ project of Microsoft. The latest update resolves a few outstanding issues. It also contains fix for ‘Remote Code Execution’ vulnerabilities that have been uncovered in Visual Studio 2022 version 17. With the latest update, Visual Studio 2022 has now been upgraded to version 17.0.13. We look at the key aspects of Visual Studio 17.0.13.

Salient points about Visual Studio 2022 version 17.0.13

  • Visual Studio 2022 version 17.0.13 supersedes Visual Studio 2022 version 17.0.12. Visual Studio 2022 version 17.0.12 was released on 12th July 2022 as part of ‘Patch Tuesday’ project of Microsoft.
  • Visual Studio 17.0.13 contains a fix for the four vulnerabilities that can lead to ‘Remote Code Execution’ attacks on the server or machine with Visual Studio.
  • The updated version of Visual Studio 17.0.13 can be applied through WSUS or Microsoft Update Catalog. We share the details of each approach in the deployment section below.
  • The size of the MSU update file for Visual Studio 17.0.13 is 29.6 MB.

Prerequisites for installing Visual Studio 2022 version 17.0.13

Visual Studio 2022 was released on November 8, 2021. Since that day, we have had 13 security updates that have been released over the past year. So, if you have been up to speed with the latest security updates, you should have been running Visual Studio 2022 version 17.0.12. The July 2022 update is the Visual Studio 2022 version 17.0.12.

Apart from having a valid Visual Studio 2022 installation, there are no additional prerequisites for installing Visual Studio 17.0.13 version. But, there is a list of recommended approach to installing the latest security update for Visual Studio 2022.

  • The security update for Visual Studio can be installed by an account that has administrative privileges on the target machine.
  • Before attempting an upgrade, please close Visual Studio. There must not be any running instances of Visual Studio on the machine.
  • You can install Visual Studio 2022 version 17.0.13 on a machine that has the main stable release Visual Studio 2022 version 17 installed. Without the main release installed, you cannot apply the security update on Visual Studio.
  • Enterprise version of Visual Studio version 17 in LTSC channel can be downloaded from this page.
  • Professional version of Visual Studio version 17 in LTSC channel can be downloaded from this page.

Vulnerabilities resolved in Visual Studio 2022 version 17.0.13

There are 4 vulnerabilities that affect Visual Studio 17.0.12. These vulnerabilities are of the type of ‘Remote Code Execution’. All these threats have been patched in the Visual Studio version 17.0.13 that was released on 9th August 2022. We look at the four vulnerabilities that affect Visual Studio 2022 version 17.0.12 below:

  • CVE-2022-35777 – Visual Studio Remote Code Execution – This vulnerability has a CVSS score of 8.8, and carries ‘IMPORTANT’ severity level.
  • CVE-2022-35825 – Visual Studio Remote Code Execution – The vulnerability has a CVSS score of 8.8 and carries ‘IMPORTANT’ severity level.
  • CVE-2022-35826 – Visual Studio Remote Code Execution – The vulnerability has a CVSS score of 8.8 and carries ‘IMPORTANT’ severity level.
  • CVE-2022-35827 – Visual Studio Remote Code Execution – The vulnerability has a CVSS score of 8.8 and carries ‘IMPORTANT’ severity level.

All these vulnerabilities are resolved in Visual Studio 2022 version 17.0.13. Apart from these, there are other vulnerabilities that impact Visual Studio 2022 on account of vulnerabilities in the underlying components.

  • CVE-2022-34716 – .NET Spoofing Vulnerability – This is a CVSS 5.9 rated vulnerability that could be exploited by an attacker to read confidential data.
  • CVE-2022-31012 Remote Code Execution Git for Windows’ installer can be tricked into executing an untrusted binary. This is resolved in Visual Studio 2022 version 17.0.13.
  • CVE-2022-29187 Elevation of Privilege Malicious users can create a .git directory in a folder that is owned by a super-user. This is resolved in Visual Studio 2022 version 17.0.13.

These three vulnerabilities reside in the underlying framework or components.

How can I deploy Visual Studio 2022 version 17.0.13?

You can download Visual Studio 2022 version 17.0.13 through the following methods:

  • You can download the MSU update file from the Microsoft Update Catalog site. The update file of 29.6 MB can be downloaded from this page on the Microsoft Update Catalog site.
  • You can launch the ‘Visual Studio installer’ on your computer. It will identify the installed version of Visual Studio 2022 on your computer. It will also give you an option to ‘Update’ Visual Studio 2022 to the latest version.
  • The IDE engine of Visual Studio may share an update message when you launch Visual Studio. ‘Update on close’ option will update Visual Studio to the latest version after IDE session ends.

What is the latest version of Visual Studio 2022?

The latest stable release version of Visual Studio 2022 is Visual Studio 17.3. It was released on 9th August 2022. There have been a couple of updates after the stable version release.

It may be pertinent to mention that Visual Studio 17.3 has also been released by Microsoft on 9th August 2022. If you wish to upgrade to Visual Studio 17.3, you can do so by downloading the latest stable release version from the pages given below:

Once you have downloaded Visual Studio 17.3, you can apply updates Visual Studio 17.3.1 and Visual Studio 17.3.2 as well. These updates were released on 17th August and 25th August as part of the product update cycle of Microsoft.

Summary

Visual Studio 2022 version 17 has been updated to version 17.0.13. The latest security update for August patches four RCE vulnerabilities and three other vulnerabilities. You could also choose to deploy the latest version of Visual Studio 17.3 by downloading the relevant file for Community edition, Professional edition or Enterprise edition.

You may like to read additional content related to Visual Studio below: