Microsoft Visual Studio Remote Code Execution Vulnerability

Photo of Visual Studio website

The library of software vulnerabilities grows larger for software colossus Microsoft by the day. The IT boffins at Microsoft Security Response Center (MSRC) have unearthed another remote code execution vulnerability that affects yet another massively popular program application known as Visual Studio.

Remote code execution flaws have been popular with Microsoft these days, as both 3D Viewer and the MSHTML component have been reported as being affected by this particular vulnerability within the span of a couple of days. Adding to that, Microsoft Office has also been wading in vulnerability-laden waters as of late with code injection type issues. Both of these types of vulnerabilities are up there at the top in terms of vulnerability risk and severity levels.

About Microsoft Visual Studio

Visual Studio is one of the most popular developer environment tools out there, touted as “Best in-class tools for any developer” on the official website. Known as an integrated development environment (IDE), Visual Studio is used by developers all over the world, available globally in 13 languages, to create websites, apps, web services, and computer programs. It also supports 36 different programming languages. Statistically, as far as programming and development tools used worldwide in 2021 goes, standalone IDEs like Visual Studio and source code collaboration tools such as GitHub are used the most.

Microsoft Visual Studio Software Vulnerability

The Microsoft Visual Studio remote code execution software vulnerability was reported on September 14th, 2021 by Wenguang Jiao of Trend Micro Zero Daty Initiative, according to Microsoft MSRC. The vulnerability is high-risk, and Microsoft has reported the severity as important.

Technical Details

This vulnerability is type: code injection. More information released by MSRC reveals that the vulnerability (CVE-2021-36952) allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to improper input validation in Visual Studio. A remote attacker can execute arbitrary code on the target system. Successful exploitation of this vulnerability may result in the complete compromise of a vulnerable system.

Vulnerable Software Versions

The vulnerable software versions of Visual Studio are as follows;

Visual Studio: 2017 version 15.9, 2019 version 16.4, 2019 version 16.7

Important User Information

It is important for users to know that a fix has been released for this remote code execution vulnerability in Microsoft Visual Studio. The issues have been fixed in a new release: Microsoft Visual Studio 2019 version 16.7.19 and Microsoft Visual Studio 2017 15.9.39. The updates should take place automatically for users of Microsoft Visual Studio if automatic updates are enabled.

Tech researcher & communications specialist
Mirza has an education background in Global Communications, has worked in advertising, marketing, journalism and television over the years while living in several different countries. He is now working to consolidate news and outreach at VPNoverview.com, while in his free time he likes to work on documentary projects, read about sociology and write about world events.