Software-update: Microsoft Visual Studio 2022 17.5.4

Microsoft heeft versie 17.5.4 van Visual Studio 2022 uitgebracht. Deze populaire programmeerontwikkelomgeving, verkrijgbaar voor Windows and macOS, beschikt over handige opties om het programmeren in onder andere Visual C++, Visual Basic, C#, F# en Python gemakkelijker te maken. De nieuwe versie is volledig 64bit en heeft een nieuwe vereenvoudigde gebruikersinterface. Meer informatie over versie 17.5 is op deze pagina van Microsoft te vinden. In deze uitgave zijn de volgende veranderingen en verbeteringen doorgevoerd:

Issues Addressed in this release of 17.5.4

This change fixes a crash when invalid input is sent to the driver used during PGO training for kernel mode drivers.Fixed MSVC template operator resolution with ISO C++17 and ISO C++20MSVC ASAN will ignore mapped-memory files when Rtl* memory functions are used to manipulate that memory.Updates .NET MAUI to 7.0.81 (SR4), see https://aka.ms/dotnet-maui-releases for release notes.Updates .NET iOS to 16.2.127.0, see release notes.Updates .NET Android to 33.0.46.0Addresses a fix in the configuration API that could lead to a double free vulnerability.VSIXInstaller has been updated to prevent trust warning from being hidden in the UI.

This change fixes a crash when invalid input is sent to the driver used during PGO training for kernel mode drivers.

Fixed MSVC template operator resolution with ISO C++17 and ISO C++20

MSVC ASAN will ignore mapped-memory files when Rtl* memory functions are used to manipulate that memory.

Updates .NET MAUI to 7.0.81 (SR4), see https://aka.ms/dotnet-maui-releases for release notes.

Updates .NET iOS to 16.2.127.0, see release notes.

Updates .NET Android to 33.0.46.0

Addresses a fix in the configuration API that could lead to a double free vulnerability.

VSIXInstaller has been updated to prevent trust warning from being hidden in the UI.

Security Advisories Addressed

CVE-2023-28260 .NET Remote Code Execution Vulnerability A vulnerability exists in .NET running on Windows where a runtime DLL can be loaded from an unexpected location, resulting in remote code execution.CVE-2023-28296 Visual Studio Remote Code Execution VulnerabilityCVE-2023-28299 Visual Studio Spoofing VulnerabilityCVE-2023-28262 Visual Studio Elevation of Privilege VulnerabilityCVE-2023-28263 Visual Studio Information Disclosure Vulnerability

CVE-2023-28260 .NET Remote Code Execution Vulnerability A vulnerability exists in .NET running on Windows where a runtime DLL can be loaded from an unexpected location, resulting in remote code execution.

CVE-2023-28260

CVE-2023-28296 Visual Studio Remote Code Execution Vulnerability

CVE-2023-28299 Visual Studio Spoofing Vulnerability

CVE-2023-28262 Visual Studio Elevation of Privilege Vulnerability

CVE-2023-28263 Visual Studio Information Disclosure Vulnerability

Developer Community Highlights

VS2022 17.5 no longer allows use of connection string from app.config when using Entity Framework update wizardiisexpress crashes in ntdll.dllThe Show Compact View button is missing in the (old) New Object dialogProprietary Visual Studio Extension forcing Save As dialog after upgrade from version 17.1 to 17.4All refactor feature show no reference found

VS2022 17.5 no longer allows use of connection string from app.config when using Entity Framework update wizard

iisexpress crashes in ntdll.dll

The Show Compact View button is missing in the (old) New Object dialog

Proprietary Visual Studio Extension forcing Save As dialog after upgrade from version 17.1 to 17.4

All refactor feature show no reference found

Source: Tweakers.net