Remote code execution flaws have been popular with Microsoft these days, as both 3D Viewer and the MSHTML component have been reported as being affected by this particular vulnerability within the span of a couple of days. Adding to that, Microsoft Office has also been wading in vulnerability-laden waters as of late with code injection type issues. Both of these types of vulnerabilities are up there at the top in terms of vulnerability risk and severity levels.
About Microsoft Visual Studio
Visual Studio is one of the most popular developer environment tools out there, touted as “Best in-class tools for any developer” on the official website. Known as an integrated development environment (IDE), Visual Studio is used by developers all over the world, available globally in 13 languages, to create websites, apps, web services, and computer programs. It also supports 36 different programming languages. Statistically, as far as programming and development tools used worldwide in 2021 goes, standalone IDEs like Visual Studio and source code collaboration tools such as GitHub are used the most.
Microsoft Visual Studio Software Vulnerability
The Microsoft Visual Studio remote code execution software vulnerability was reported on September 14th, 2021 by Wenguang Jiao of Trend Micro Zero Daty Initiative, according to Microsoft MSRC. The vulnerability is high-risk, and Microsoft has reported the severity as important.
Technical Details
This vulnerability is type: code injection. More information released by MSRC reveals that the vulnerability (CVE-2021-36952) allows a remote attacker to execute arbitrary code on the target system. The vulnerability exists due to improper input validation in Visual Studio. A remote attacker can execute arbitrary code on the target system. Successful exploitation of this vulnerability may result in the complete compromise of a vulnerable system.
Vulnerable Software Versions
The vulnerable software versions of Visual Studio are as follows; Visual Studio: 2017 version 15.9, 2019 version 16.4, 2019 version 16.7
Important User Information
It is important for users to know that a fix has been released for this remote code execution vulnerability in Microsoft Visual Studio. The issues have been fixed in a new release: Microsoft Visual Studio 2019 version 16.7.19 and Microsoft Visual Studio 2017 15.9.39. The updates should take place automatically for users of Microsoft Visual Studio if automatic updates are enabled.
