Visual Studio 2017 15.9 Release Notes (original) (raw)



Developer Community| System Requirements| Compatibility| Distributable Code| License Terms| Blogs| Known Issues



Note

This is not the latest version of Visual Studio. To download the latest release, please visit the Visual Studio site.



Support Timeframe

Visual Studio 2017 version 15.9 is the final supported servicing baseline for Visual Studio 2017 and has entered the extended support period. Enterprise and Professional customers needing to adopt a long term stable and secure development environment are encouraged to standardize on this version. As explained in more detail in our lifecycle and support policy, version 15.9 will be supported with security updates through April 2027, which is the remainder of the Visual Studio 2017 product lifecycle.

Because Visual Studio 2017 is now in extended support, all administrator updates now cover all minor version ranges of the product. This means that all security updates delivered through the Microsoft Update Catalog or Microsoft Endpoint Manager will update the client to the latest secure version of the Visual Studio 2017 product.

.NET Core 2.1 is out of support as of August 21, 2021


Visual Studio 2017 version 15.9 Releases


Important

Visual Studio 2017 version 15.9 Security Advisory Notices


Visual Studio 2017 version 15.9.73

released May 13th, 2025

Issues Addressed in this release

Security Advisories Addressed


Visual Studio 2017 version 15.9.72

released April 8th, 2025

Issues Addressed in this release


Visual Studio 2017 version 15.9.71

released March 11th, 2025

Issues Addressed in this release

Security Advisories Addressed


Visual Studio 2017 version 15.9.70

released February 11th, 2025

Issues Addressed in this release

Security Advisories Addressed


Visual Studio 2017 version 15.9.69

released January 14th, 2025

Issues Addressed in this release

Security Advisories Addressed


Visual Studio 2017 version 15.9.68

released November 12th, 2024

Issues Addressed in this release


Visual Studio 2017 version 15.9.67

released October 8th, 2024

Issues Addressed in this release

Security Advisories Addressed


Visual Studio 2017 version 15.9.66

released September 10th, 2024

Issues Addressed in this release

Security Advisories Addressed

CVE-2024-35272 SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability


Visual Studio 2017 version 15.9.65

released August 13th, 2024

Issues Addressed in this release

Security Advisories Addressed


Visual Studio 2017 version 15.9.64

released July 9th, 2024

Issues Addressed in this release


Visual Studio 2017 version 15.9.63

released June 11th, 2024

Issues Addressed in this release

Security Advisories Addressed


Visual Studio 2017 version 15.9.62

released May 14th, 2024

Issues Addressed in this release

Security Advisories Addressed


Visual Studio 2017 version 15.9.61

released April 9th, 2024

Issues Addressed in this release


Visual Studio 2017 version 15.9.60

released to the web on February 13, 2024 and released to Microsoft Update on March 12, 2024

Issues Addressed in this release


Visual Studio 2017 version 15.9.59

released January 9th, 2024

Issues Addressed in this release

Security Advisories Addressed


Visual Studio 2017 version 15.9.58

released on October 10, 2023

Issues Addressed in this release


Visual Studio 2017 version 15.9.57

released on September 12, 2023

Issues Addressed in this release

Security Advisories Addressed


Visual Studio 2017 version 15.9.56

released on August 8, 2023

Issues Addressed in this release

Security Advisories Addressed


Visual Studio 2017 version 15.9.55

released on June 13, 2023

Issues Addressed in this release

Security Advisories Addressed

Visual Studio 2017 version 15.9.54

released on Apr 11, 2023

Issues Fixed in 15.9.54

Security Advisories Addressed


Visual Studio 2017 version 15.9.53

released on Mar 14, 2023

Issues Fixed in 15.9.53

Security Advisories Addressed


Visual Studio 2017 version 15.9.52

released on Feb 14, 2023

Issues Fixed in 15.9.52

Security Advisories Addressed


Visual Studio 2017 version 15.9.51

released on November 8, 2022

Issues Fixed in 15.9.51

Security Advisories Addressed


Visual Studio 2017 version 15.9.50

released on August 9, 2022

Issues Fixed in 15.9.50

Security Advisories Addressed


Visual Studio 2017 version 15.9.49

released on June 14, 2022

Security Advisories Addressed


Visual Studio 2017 version 15.9.48

released on May 10, 2022

Issues Fixed in 15.9.48

Security Advisories Addressed

CVE-2022-29148 Visual Studio Remote Code Execution VulnerabilityA remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

CVE-2022-24513 Elevation of privilege vulnerabilityA potential elevation of privilege vulnerability exists when the Microsoft Visual Studio updater service improperly parses local configuration data.


Visual Studio 2017 version 15.9.47

released on April 19, 2022

Issues Fixed in 15.9.47


Visual Studio 2017 version 15.9.46

released on April 12, 2022

Issues Fixed in 15.9.46

Security Advisories Addressed

CVE-2022-24765 Elevation of privilege vulnerabilityA potential elevation of privilege vulnerability exists in Git for Windows, in which Git operations could run outside a repository while seraching for a Git directory. Git for Windows is now updated to version 2.35.2.1.

CVE-2022-24767 DLL hijacking vulnerabilityA potential DLL hijacking vulnerability exists in Git for Windows installer, when running the uninstaller under the SYSTEM user account. Git for Windows is now updated to version 2.35.2.1.

CVE-2022-24513 Elevation of privilege vulnerabilityA potential elevation of privilege vulnerability exists when the Microsoft Visual Studio updater service improperly parses local configuration data.


Visual Studio 2017 version 15.9.45

released on March 8, 2022

Issues Fixed in 15.9.45

Security Advisories Addressed

CVE-2021-3711 OpenSSL Buffer Overflow vulnerabilityA potential buffer overflow vulnerability exists in OpenSSL, which is consumed by Git for Windows. Git for Windows is now updated to version 2.35.1.2, which addresses this issue.


Visual Studio 2017 version 15.9.44

released on February 8, 2022

Issues Fixed in 15.9.44

Security Advisories Addressed

CVE-2022-21871 Diagnostics Hub Standard Collector Runtime Elevation of Privilege VulnerabilityAn elevation of privilege vulnerability exists if the Diagnostics Hub Standard Collector incorrectly handles data operations.


New Release Icon 15.9.43 Visual Studio 2017 version 15.9.43

released on January 11, 2022

Issues Fixed in 15.9.43


New Release Icon 15.9.42 Visual Studio 2017 version 15.9.42

released on December 14, 2021

Issues Fixed in 15.9.42


New Release Icon 15.9.41 Visual Studio 2017 version 15.9.41

released on November 09, 2021

Issues Fixed in 15.9.41

Security Advisories Addressed

CVE-2021-42319 Elevation of Privilege VulnerabilityAn Elevation of Privilege vulnerability exists in the WMI Provider that is included in the Visual Studio installer.

CVE-2021-42277 Diagnostics Hub Standard Collector Service Elevation of Privilege VulnerabilityAn elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector incorrectly handles file operations.


New Release Icon 15.9.40 Visual Studio 2017 version 15.9.40

released on October 12, 2021

Issues Fixed in 15.9.40

Security Advisories Addressed

CVE-2020-1971 OpenSSL Denial of Service VulnerabilityPotential denial of service on OpenSSL library, which is consumed by Git.

CVE-2021-3449 OpenSSL Denial of Service VulnerabilityPotential denial of service on OpenSSL library, which is consumed by Git.

CVE-2021-3450 OpenSSL Potential bypass of the X509_V_FLAG_X509_STRICT flagA potential flag bypass in OpenSSL library, which is consumed by Git.


New Release Icon 15.9.39 Visual Studio 2017 version 15.9.39

released on September 14, 2021

Issues Fixed in 15.9.39

Security Advisories Addressed

CVE-2021-26434 Visual Studio Incorrect Permission Assignment Privilege Escalation VulnerabilityA permission assignment vulnerability exists in Visual Studio after installing the Game development with C++ and selecting the Unreal Engine Installer workload. The system is vulnerable to LPE during the installation it creates a directory with write access to all users.

CVE-2021-36952 Visual Studio Remote Code Execution VulnerabilityA remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.


New Release Icon 15.9.38 Visual Studio 2017 version 15.9.38

released on August 10, 2021

Issues Fixed in 15.9.38

Security Advisories Addressed

CVE-2021-26423 .NET Core Denial of Service Vulnerability

A denial of service vulnerability exists where .NET (Core) server applications providing WebSocket endpoints could be tricked into endlessly looping while trying to read a single WebSocket frame.

CVE-2021-34485 .NET Core Information Disclosure Vulnerability

An information disclosure vulnerability exists when dumps created by the tool to collect crash dumps and dumps on demand are created with global read permissions on Linux and macOS.

CVE-2021-34532 ASP.NET Core Information Disclosure Vulnerability

An information disclosure vulnerability exists in where a JWT token is logged if it cannot be parsed.


New Release Icon 15.9.37Visual Studio 2017 version 15.9.37

released on July 13, 2021

Issues Fixed in 15.9.37


New Release Icon 15.9.36Visual Studio 2017 version 15.9.36

released on May 11, 2021

Issues Fixed in 15.9.36


New Release Icon 15.9.35Visual Studio 2017 version 15.9.35

released on April 13, 2021

Issues Fixed in 15.9.35

Security Advisories Addressed

CVE-2021-27064 Visual Studio Installer Elevation of Privilege Vulnerability

A remote code execution vulnerability exists when the Visual Studio installer executes the feedback client in an elevated state.

CVE-2021-28313 / CVE-2021-28321 / CVE-2021-28322 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector incorrectly handles data operations.


New Release Icon 15.9.34Visual Studio 2017 version 15.9.34

released on March 09, 2021

Issues Fixed in 15.9.34

Security Advisories Addressed

CVE-2021-21300 Git for Visual Studio Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Visual Studio clones a malicious repository.

CVE-2021-26701 .NET Core Remote Code Execution Vulnerability

A remote code execution vulnerability exists in .NET 5 and .NET Core due to how text encoding is performed.


New Release Icon 15.9.33Visual Studio 2017 version 15.9.33

released on February 10, 2021

Issues Fixed in 15.9.33


New Release Icon 15.9.32Visual Studio 2017 version 15.9.32

released on February 09, 2021

Issues Fixed in 15.9.32

Security Advisories Addressed

CVE-2021-1639 TypeScript Language Service Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Visual Studio loads a malicious repository containing JavaScript or TypeScript code files.

CVE-2021-1721 .NET Core Denial of Service Vulnerability

A denial-of-service vulnerability exists when creating HTTPS web request during X509 certificate chain building.

CVE-2021-24112 .NET 5 and .NET Core Remote Code Execution Vulnerability

A remote code execution vulnerability exists when disposing metafiles when a graphics interface still has a reference to it. This vulnerability only exists on systems running on MacOS or Linux.


New Release Icon 15.9.31Visual Studio 2017 version 15.9.31

released on January 12, 2021

Issues Fixed in 15.9.31

Security Advisories Addressed

CVE-2021-1651 / CVE-2021-1680 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector incorrectly handles data operations.

CVE-2020-26870 Visual Studio Installer Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Visual Studio Installer attempts to show malicious markdown.


New Release Icon 15.9.30Visual Studio 2017 version 15.9.30

released on December 08, 2020

Issues Fixed in 15.9.30

Security Advisories Addressed

CVE-2020-17156 Visual Studio Remote Code Execution Vulnerability

A remote code execution vulnerability exists when Visual Studio clones a malicious repository.


New Release Icon 15.9.29Visual Studio 2017 version 15.9.29

released on November 20, 2020

Issues Fixed in 15.9.29

Security Advisories Addressed

CVE-2020-17100 Visual Studio Tampering Vulnerability

A tampering vulnerability exists when the Python Tools for Visual Studio creates the python27 folder. An attacker who successfully exploited this vulnerability could run processes in an elevated context.


New Release Icon 15.9.28Visual Studio 2017 version 15.9.28

released on October 13, 2020

Issues Fixed in 15.9.28


New Release Icon 15.9.27Visual Studio 2017 version 15.9.27

released on September 8, 2020

Issues Fixed in 15.9.27

Security Advisories Addressed

CVE-2020-1130 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles data operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

CVE-2020-1133 Diagnostics Hub Standard Collector Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations. An attacker who successfully exploited this vulnerability could run processes in an elevated context.

CVE-2020-16856 Visual Studio Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

CVE-2020-16874 Visual Studio Remote Code Execution Vulnerability

A remote code execution vulnerability exists in Visual Studio when it improperly handles objects in memory. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user.

CVE-2020-1045 Microsoft ASP.NET Core Security Feature Bypass Vulnerability

A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names. The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.


New Release Icon 15.9.26Visual Studio 2017 version 15.9.26

released on August 11, 2020

Issues Fixed in 15.9.26

Security Advisories Addressed

CVE-2020-1597 ASP.NET Core Denial of Service Vulnerability

A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.


New Release Icon 15.9.25Visual Studio 2017 version 15.9.25

released on July 14, 2020

Issues Fixed in 15.9.25

Security Advisories Addressed

CVE-2020-1393 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input, leading to an unsecure library-loading behavior.

CVE-2020-1416 Visual Studio Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Visual Studio when it loads software dependencies. A local attacker who successfully exploited the vulnerability could inject arbitrary code to run in the context of the current user.

CVE-2020-1147 .NET Core Denial of Service Vulnerability

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to an ASP.NET Core application, or other application that parses certain types of XML. The security update addresses the vulnerability by restricting the types that are allowed to be present in the XML payload.


New Release Icon 15.9.24Visual Studio 2017 version 15.9.24

released on June 02, 2020

Issues Fixed in 15.9.24

Security Advisories Addressed

CVE-2020-1202 / CVE-2020-1203Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector fails to properly handle objects in memory.

CVE-2020-1293 / CVE-2020-1278 / CVE-2020-1257 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles file operations.

CVE-2020-1108 / CVE-2020-1108 / CVE-2020-1108 .NET Core Denial of Service Vulnerability

To comprehensively address CVE-2020-1108, Microsoft has released updates for .NET Core 2.1 and .NET Core 3.1. Customers who use any of these versions of .NET Core should install the latest version of .NET Core. See the Release Notes for the latest version numbers and instructions for updating .NET Core.


New Release Icon 15.9.23Visual Studio 2017 version 15.9.23

released on May 12, 2020

Issues Fixed in 15.9.23

Security Advisories Addressed

CVE-2020-1108 .NET Core Denial of Service Vulnerability

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the .NET Core application. The security update addresses the vulnerability by correcting how the .NET Core web application handles web requests.


New Release Icon 15.9.22Visual Studio 2017 version 15.9.22

released on April 14, 2020

Issues Fixed in 15.9.22

Security Advisories Addressed

CVE-2020-0899 Microsoft Visual Studio Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when Microsoft Visual Studio updater service improperly handles file permissions. An attacker who successfully exploited this vulnerability could overwrite arbitrary file content in the security context of the local system.

CVE-2020-0900 Visual Studio Extension Installer Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Visual Studio Extension Installer Service improperly handles file operations. An attacker who successfully exploited the vulnerability could delete files in arbitrary locations with elevated permissions.

CVE-2020-5260 Git for Visual Studio Credential Leak Vulnerability due to insufficient validation on URLs

A credential leak vulnerability exists when specially crafted URLs are parsed and sent to credential helpers. This can lead to credentials being sent to the wrong host.


New Release Icon 15.9.21Visual Studio 2017 version 15.9.21

released on March 10, 2020

Issues Fixed in 15.9.21

Security Advisories Addressed

CVE-2020-0793 / CVE-2020-0810 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector improperly handles file operations, or the Windows Diagnostics Hub Standard Collector Service fails to properly sanitize input.

CVE-2020-0884 Spoofing vulnerability when creating Outlook Web -Add-in

A spoofing vulnerability exists when creating an Outlook Web-Addin if multi-factor authentication is enabled


New Release Icon 15.9.20Visual Studio 2017 version 15.9.20

released on February 11, 2020

Issues Fixed in 15.9.20


New Release Icon 15.9.19Visual Studio 2017 version 15.9.19

released on January 14, 2020

Issues Fixed in 15.9.19

Security Advisories Addressed

CVE-2020-0602 ASP.NET Core Denial of Service Vulnerability

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The security update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests.

CVE-2020-0603 ASP.NET Core Remote Code Execution Vulnerability

A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The security update addresses the vulnerability by correcting how the ASP.NET Core web application handles in memory.


New Release Icon 15.9.18Visual Studio 2017 version 15.9.18

released on December 10, 2019

Issues Fixed in 15.9.18

Security Advisories Addressed

CVE-2019-1349 Git for Visual Studio Remote Excecution Vulnerability due to too lax restrictions on submodule names

A remote code execution vulnerability exists when Git runs into collisions of submodule names for directories of sibling submodules. An attacker who successfully exploited this vulnerability could remote execute code on the target machine. The security update addresses the vulnerability by taking a new version of Git for Windows which requires the directory for the submodules’ clone to be empty.

CVE-2019-1350 Git for Visual Studio Remote Excecution Vulnerability due to incorrect quoting of command-line arguments

A remote code execution vulnerability exists when Git interprets command-line arguments with certain quoting during a recursive clone in conjunction with SSH URLs. An attacker who successfully exploited this vulnerability could remote execute code on the target machine. The security update addresses the vulnerability by taking a new version of Git for Windows which fixes the issue.

CVE-2019-1351 Git for Visual Studio Arbitrary File Overwrite Vulnerability due to usage of non-letter drive names during clone

An arbitrary file overwrite vulnerability exists in Git when non-letter drive names bypass safety checks in git clone. An attacker who successfully exploited this vulnerability could write to arbitrary files on the target machine. The security update addresses the vulnerability by taking a new version of Git for Windows which fixes the issue.

CVE-2019-1352 Git for Visual Studio Remote Excecution Vulnerability due to unawareness of NTFS Alternate Data Stream

A remote code execution vulnerability exists in Git when cloning and writing to .git/ directory via NTFS alternate data streams. An attacker who successfully exploited this vulnerability could remote execute code on the target machine. The security update addresses the vulnerability by taking a new version of Git for Windows which has been made aware of NTFS alternate data streams.

CVE-2019-1354 Git for Visual Studio Arbitrary File Overwrite Vulnerability due to not refusing to write out tracked files containing backslashes

An arbitrary file overwrite vulnerability exists in Git when tree entries with backslashes and malicious symlinks could break out of the work tree. An attacker who successfully exploited this vulnerability could write to arbitrary files on the target machine. The security update addresses the vulnerability by taking a new version of Git for Windows which does not allow this usage of backslashes.

CVE-2019-1387 Git for Visual Studio Remote Execution Vulnerability due to too lax validation of submodule names in recursive clones

A remote code execution vulnerability exists in Git when cloning recursively with submodules. An attacker who successfully exploited this vulnerability could remote execute code on the target machine. The security update addresses the vulnerability by taking a new version of Git for Windows which tightens validation of submodule names.


New Release Icon 15.9.17Visual Studio 2017 version 15.9.17

released on October 15, 2019

Security Advisories Addressed

CVE-2019-1425 NPM Package Elevation of Privilege Vulnerability (published November 12, 2019)

An elevation of privilege vulnerability exists when Visual Studio fails to properly validate hardlinks when extracting archived files. The vulnerabilities were introduced by NPM packages used by Visual Studio as described in the following two NPM advisories: npmjs.com/advisories/803 and npmjs.com/advisories/886. The updated versions of these NPM packages were included in this version of Visual Studio.


New Release Icon 15.9.16Visual Studio 2017 version 15.9.16

released on September 10, 2019

Issues Fixed in 15.9.16

Security Advisories Addressed

CVE-2019-1232 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly impersonates certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. An attacker with unprivileged access to a vulnerable system could exploit this vulnerability. The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Service properly impersonates file operations.

CVE-2019-1301 Denial of Service Vulnerability in .NET Core

A denial of service vulnerability exists when .NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET Core web application. The vulnerability can be exploited remotely, without authentication.

The update addresses the vulnerability by correcting how the .NET Core web application handles web requests.


New Release Icon 15.9.15Visual Studio 2017 version 15.9.15

released on August 13, 2019

Issues Fixed in 15.9.15

Security Advisories Addressed

CVE-2019-1211 Git for Visual Studio Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists in Git for Visual Studio when it improperly parses configuration files. An attacker who successfully exploited the vulnerability could execute code in the context of another local user. To exploit the vulnerability, an authenticated attacker would need to modify Git configuration files on a system prior to a full installation of the application. The attacker would then need to convince another user on the system to execute specific Git commands. The update addresses the issue by changing the permissions required to edit configuration files.


New Release Icon 15.9.14Visual Studio 2017 version 15.9.14

released on July 9, 2019

Issues Fixed in 15.9.14

Security Advisories Addressed

CVE-2019-1075 ASP.NET Core Spoofing Vulnerability

.NET Core updates have released today and are included in this Visual Studio update. This release addresses security and other important issues. Details can be found in the .NET Core release notes.

CVE-2019-1077 Visual Studio Extension Auto Update Vulnerability

An elevation of privilege vulnerability exists when the Visual Studio Extension auto-update process improperly performs certain file operations. An attacker who successfully exploited this vulnerability could delete files in arbitrary locations. To exploit this vulnerability, an attacker would require unprivileged access to a vulnerable system. The security update addresses the vulnerability by securing locations the Visual Studio Extension auto-update performs file operations in.

CVE-2019-1113 WorkflowDesigner XOML deserialization allows code execution

A XOML file referencing certain types could cause random code to be executed when the XOML file is opened in Visual Studio. There is now a restriction on what types are allowed to be used in XOML files. If a XOML file containing one of the newly unauthorized types is opened, a message is displayed explaining that the type is unauthorized.

For further information, please refer to https://support.microsoft.com/help/4512190/remote-code-execution-vulnerability-if-types-are-specified-in-xoml.


New Release Icon 15.9.13Visual Studio 2017 version 15.9.13

released on June 11, 2019

Issues Fixed in 15.9.13


New Release Icon 15.9.12Visual Studio 2017 version 15.9.12

released on May 14, 2019

Issues Fixed in 15.9.12

Security Advisories Addressed

CVE-2019-0727 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly performs certain file operations. An attacker who successfully exploited this vulnerability could delete files in arbitrary locations. To exploit this vulnerability, an attacker would require unprivileged access to a vulnerable system. The security update addresses the vulnerability by securing locations the Diagnostics Hub Standard Collector performs file operations in.


New Release Icon 15.9.11Visual Studio 2017 version 15.9.11

released on April 02, 2019

Issues Fixed in 15.9.11


New Release Icon 15.9.10Visual Studio 2017 version 15.9.10

released on March 25, 2019

Issues Fixed in 15.9.10


New Release Icon 15.9.9Visual Studio 2017 version 15.9.9

released on March 12, 2019

Issues Fixed in 15.9.9

Security Advisories Addressed

CVE-2019-9197 Unity Editor Remote Code Execution Vulnerability

A remote code execution vulnerability exists in the Unity Editor, a 3rd party software that Visual Studio offers to install as part of the Game Development with Unity workload. If you've installed Unity from Visual Studio, please make sure to update the version of Unity you're using to a version that addresses the vulnerability as described in the CVE. The Visual Studio installer has been updated to offer to install a Unity Editor version which addresses the vulnerability.

CVE-2019-0809 Visual Studio Remote Code Execution Vulnerability

A remote code execution vulnerability exists when the Visual Studio C++ Redistributable Installer improperly validates input before loading dynamic link library (DLL) files. An attacker who successfully exploited the vulnerability could execute arbitrary code in the context of the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. To exploit the vulnerability, an attacker must place a malicious DLL on a local system and convince a user to execute a specific executable. The security update addresses the vulnerability by correcting how the Visual Studio C++ Redistributable Installer validates input before loading DLL files.

CVE-2019-0757 .NET Core NuGet Tampering Vulnerability

A tampering vulnerability exists in NuGet software when executed in a Linux or Mac environment. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. Exploitation of the vulnerability requires that an attacker can login as any other user on that machine. At that point, the attacker will be able to replace or add to files that were created by a NuGet restore operation in the current users account.

.NET Core updates have released today and are included in this Visual Studio update. The security update addresses the vulnerability by correcting how NuGet restore creates file permissions for all files extracted to the client machine. Details about the packages can be found in the .NET Core release notes.


New Release Icon 15.9.8Visual Studio 2017 version 15.9.8

released on March 05, 2019

Issues Fixed in 15.9.8


New Release Icon 15.9.7Visual Studio 2017 version 15.9.7

released on February 12, 2019

Issues Fixed in 15.9.7

Security Advisories Addressed

CVE-2019-0613 WorkflowDesigner XOML deserialization allows code execution

A XOML file referencing certain types could cause random code to be executed when the XOML file is opened in Visual Studio. There is now a restriction on what types are allowed to be used in XOML files. If a XOML file containing one of the newly unauthorized types is opened, a message is displayed explaining that the type is unauthorized.

For further information, please refer to XOML vulnerability documentation

CVE-2019-0657 .NET Framework and Visual Studio Spoofing Vulnerability

.NET Core updates have released today and are included in this Visual Studio update. This release addresses security and other important issues. Details can be found in the .NET Core release notes.


New Release Icon 15.9.6Visual Studio 2017 version 15.9.6

released on January 24, 2019

Issues Fixed in 15.9.6


New Release Icon 15.9.5Visual Studio 2017 version 15.9.5

released on January 08, 2019

Issues Fixed in 15.9.5

Security Advisories Addressed

CVE-2019-0546 Visual Studio Remote Code Execution VulnerabilityA remote code execution vulnerability exists in Visual Studio when the C++ compiler improperly handles specific combinations of C++ constructs. An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could take control of the affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The security update addresses the vulnerability by correcting how the Visual Studio C++ compiler handles certain C++ constructs.


New Release Icon 15.9.4Visual Studio 2017 version 15.9.4

released on December 11, 2018

Issues Fixed in 15.9.4

Security Advisories Addressed

CVE-2018-8599 Diagnostics Hub Standard Collector Service Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Diagnostics Hub Standard Collector Service improperly handles certain file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges. To exploit this vulnerability, an attacker would require unprivileged access to a vulnerable system. The security update addresses the vulnerability by ensuring the Diagnostics Hub Standard Collector Services properly impersonates file operations.


New Release Icon 15.9.3Visual Studio 2017 version 15.9.3

released on November 28, 2018

Issues Fixed in 15.9.3


New Release Icon 15.9.2Visual Studio 2017 version 15.9.2

released on November 19, 2018

Issues Fixed in 15.9.2


New Release Icon 15.9.1Visual Studio 2017 version 15.9.1

released on November 15, 2018

Issues Fixed in 15.9.1

Details of What's New in 15.9.1

Universal Windows Platform Development SDK

The Windows 10 October 2018 Update SDK (build 17763) is now the default selected SDK for the Universal Windows Platform development workload.


Summary of Notable New Features in 15.9

Top Issues Fixed in 15.9

See all customer-reported issues fixed in Visual Studio 2017 version 15.9.

Developer Community Portal The Developer Community Portal


Details of What's New in 15.9

New Release Icon 15.9.0Visual Studio 2017 version 15.9.0

released on November 13, 2018

New Features in 15.9

Install

We made it easier to keep your installation settings consistent across multiple installations of Visual Studio. You can now use the Visual Studio Installer to export a .vsconfig file for a given instance of Visual Studio. This file will contain information about what workloads and components you have installed. You can then import this file to add these workload and component selections to another installation of Visual Studio.

Debugging

We have added support for consuming the new portable-pdb based symbol package format (.snupkg). We have added tooling to make it easy to consume and manage these symbol packages from sources like the NuGet.org symbol server.

C++

F#

F# Compiler

F# Tools

F# Open Source Repository

The VisualFSharpFull project is now set as the default startup project, eliminating the need to manually set that before debugging. Thanks, Robert Jeppesen!

JavaScript and TypeScript Language Service Support

SharePoint 2019 Support

We added new templates that allow you to create projects for SharePoint 2019. You will have the ability to migrate existing SharePoint projects from both SharePoint 2013 and SharePoint 2016 to the new project template.

Visual Studio Tools for Xamarin

Visual Studio Tools for Xamarin now supports Xcode 10, which allows you to build and debug apps for iOS 12, tvOS 12, and watchOS 5. See how to get ready for iOS 12and our introduction to iOS 12for more details on the new features available.

Initial Xamarin.Android Build Performance Improvements

Xamarin.Android 9.1 includes initial build performance improvements. See our Xamarin.Android 15.8 vs. 15.9 build performance comparison for more details.

Tools for Universal Windows Platform Developers

NuGet

NuGet Credential Provider Improvements

This release substantially improves the experience of using authenticated package feeds, especially for Mac and Linux users:

NuGet Package Manager Improvements

NuGet Security

We have introduced NuGet Client Policies which allow you to configure package security constraints. This means you can lock down environments so only trusted packages can be installed by:

.NET Core Tools for Visual Studio

Starting with this release, the .NET Core tools for Visual Studio will now default to using only the latest stable version of a .NET Core SDK that is installed on your machine for GA releases of Visual Studio. For future previews, the tools will use only preview .NET Core SDKs.


Fixed Issues

See all customer-reported issues fixed in Visual Studio 2017 version 15.9.

DevComIcon The Developer Community Portal


Known Issues

See all existing known issues and available workarounds in Visual Studio 2017 version 15.9.

KnownIssueButton Visual Studio 2017 Known Issues


Feedback & Suggestions

We would love to hear from you! For issues, let us know through the Report a Problem option in the upper right-hand corner of either the installer or the Visual Studio IDE itself. The Report a Problem Icon icon is located in the upper right-hand corner. You can make a product suggestion or track your issues in the Visual Studio Developer Community, where you can ask questions, find answers, and propose new features. You can also get free installation help through our Live Chat support.


Blogs

Take advantage of the insights and recommendations available in the Developer Tools Blogs site to keep you up-to-date on all new releases and include deep dive posts on a broad range of features.

Developer Tools Blogs


Visual Studio 2017 Release Notes History

For more information relating to past versions of Visual Studio 2017, see the Visual Studio 2017 Release Notes History page.


Top of Page