QID 91822

Date Published: 2021-10-13

QID 91822: Microsoft Visual Studio Security Update for October 2021

Microsoft has released a security Update for Visual Studio which resolves Information Disclosure and Denial of Service Vulnerability.
Affected Software:
Microsoft Visual Studio 2019 prior to version 16.11 (includes 16.0-16.10)
Microsoft Visual Studio 2019 prior to version 16.9 (includes 16.0-16.8)
Microsoft Visual Studio 2019 prior to version 16.7 (includes 16.0-16.6)
Microsoft Visual Studio 2019 prior to version 16.4 (includes 16.0-16.3)
Microsoft Visual Studio 2017 prior to version 15.9 (includes 15.0-15.8)

QID Detection Logic: Authenticated
This QID detects vulnerable versions of Microsoft Visual Studio by checking file version of Visual Studio.app.

The vulnerable versions of Visual Studio let attackers to create a Denial of Service and Information Disclosure Vulnerabilities.

  • CVSS V3 rated as High - 7.4 severity.
  • CVSS V2 rated as Medium - 5.8 severity.
  • Solution
    Customers are advised to refer to CVE-2021-41355, CVE-2020-1971 , CVE-2021-3450 , and CVE-2021-3449 for more information pertaining to these vulnerabilities.

    CVEs related to QID 91822

    Software Advisories
    Advisory ID Software Component Link
    CVE-2020-1971 URL Logo msrc.microsoft.com/update-guide/vulnerability/CVE-2020-1971
    CVE-2021-3449 URL Logo msrc.microsoft.com/update-guide/vulnerability/CVE-2021-3449
    CVE-2021-3450 URL Logo msrc.microsoft.com/update-guide/vulnerability/CVE-2021-3450
    CVE-2021-41355 URL Logo msrc.microsoft.com/update-guide/vulnerability/CVE-2021-41355