Description of the security update for the Diagnostics Hub Standard Collector elevation of privilege vulnerability in Visual Studio 2015 Update 3: September 9, 2018

2019-10-28T21:30:52
ID KB4463110
Type mskb
Reporter Microsoft
Modified 2019-10-28T22:07:02

Description

<html><body><p>Resolves a vulnerability in Visual Studio 2015.</p><h2></h2><p><strong>Applies to:</strong> Visual Studio 2015 Update 3 Community, Professional, Enterprise, and Remote Tools. </p><p><strong>Does not apply to:</strong> Build Tools, Visual Studio 2015 Isolated and Integrated Shells.</p><p><strong>Note</strong>: On October 8, 2019, we released improvements to our offering method for this update on Microsoft Update that ensure this update is offered to all appropriate configurations.</p><h2>Summary</h2><div class="kb-summary-section section">An elevation of privilege vulnerability exists if the Diagnostics Hub Standard Collector or the Visual Studio Standard Collector allows file creation in arbitrary locations.<br/><br/>To learn more about the vulnerability, go to <a href="https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-0952" id="kb-link-2" target="_self"> CVE-2018-0952</a>.</div><h2>More information</h2><p><strong>Prerequisites</strong></p><p>To apply this security update, you must have <a aria-live="assertive" data-bi-name="content-anchor-link" data-content-id="" data-content-type="" href="https://aka.ms/vs/14/docs/2015_Update3" managed-link="" tabindex="0" target="_blank">Visual Studio 2015 Update 3</a> installed.</p><p><strong>Replacement information</strong></p><p>This update replaces <a data-content-id="" data-content-type="" href="http://support.microsoft.com/kb/4456688" managed-link="" target="_blank">KB4456688</a>.</p><div class="kb-moreinformation-section section"><table class="faq-section" faq-section=""><tbody class="faq-panel"><tr><td faq-panel-heading=""><span class="bold btn-link">How to obtain help and support for this security update</span></td></tr><tr><td faq-panel-body=""><div class="kb-collapsible kb-collapsible-collapsed"><span>Help for protecting your Windows-based computer from viruses and malware: <a data-content-id="" data-content-type="" href="https://support.microsoft.com/contactus/cu_sc_virsec_master" id="kb-link-17" managed-link="" target="_blank">Microsoft Secure</a><br/><br/>Local support according to your country: <a data-content-id="" data-content-type="" href="https://www.microsoft.com/en-us/locale.aspx" id="kb-link-18" managed-link="" target="_blank">International Support</a></span></div><span> </span></td></tr></tbody></table><a class="bookmark" id="fileinfo"></a></div><h2>How to obtain and install the update</h2><h3>Visual Studio 2015 Update 3</h3><h4>Method 1: Microsoft Download</h4><p>The following file is available for download:</p><p><img alt="Download " class="graphic" src="/library/images/support/kbgraphics/public/en-us/download.gif" title="Download "/><a data-content-id="" data-content-type="" href="http://aka.ms/vs/14/release/4463110" managed-link="" target="_blank">Download the hotfix package now.</a></p><h4 class="sbody-h3">Method 2: Microsoft Update Catalog</h4><p>To get the standalone package for this update, go to the <a data-content-id="" data-content-type="" href="http://catalog.update.microsoft.com/v7/site/search.aspx?q=4463110" id="kb-link-14" managed-link="" target="">Microsoft Update Catalog</a> website.</p><p><strong>Note </strong>You must restart your computer <em><strong>before</strong></em> you install this update. </p><h3>Visual Studio 2015 Remote Tools</h3><p>To download the updated remote tools for Visual Studio 2015 Update 3, go to the following Microsoft webpage:</p><p><img alt="Download " class="graphic" src="/library/images/support/kbgraphics/public/en-us/download.gif" title="Download "/><a data-content-id="" data-content-type="" href="https://my.visualstudio.com/Downloads?q=visual%20studio%202015%20update%203%20remote%20tools&pgroup" managed-link="" target="_blank">Visual Studio 2015 Update: Remote Tools</a></p><h2>File information</h2><table class="faq-section" faq-section=""><tbody class="faq-panel"><tr><td faq-panel-heading=""><h3>File hash information</h3></td></tr><tr><td faq-panel-body=""><table class="table"><tbody><tr><th>File name</th><th>SHA1 hash</th><th>SHA256 hash</th></tr><tr><td>vs14-kb4463110.exe</td><td>675961AABDFA243A8FE3E8C9DB092EF577B450DF</td><td>7A44B99CD19EDBDABF27C7200FC9E5CB5615D32259BE5F969BD6740C055B623B</td></tr></tbody></table></td></tr></tbody></table><p><strong>File information</strong><br/><span>the English (United States) version of this software update installs files that have the attributes that are listed in the following tables. the dates and the times for these files are listed in Coordinated Universal Time (UTC). the dates and the times for these files on your local computer are displayed in your local time together with your current daylight saving time (DST) bias. Additionally, the dates and the times may change when you perform certain operations on the files. </span></p><table class="faq-section" faq-section=""><tbody class="faq-panel"><tr><td faq-panel-heading="">For all supported versions</td></tr><tr><td faq-panel-body=""><table class="table"><tbody><tr><td><strong class="sbody-strong">File name</strong></td><td><strong class="sbody-strong">File version</strong></td><td><strong class="sbody-strong">File size</strong></td><td><strong class="sbody-strong">Platform</strong></td></tr><tr><td>vs14-kb4463110.exe</td><td>14.0.27527</td><td>3,634,384</td><td>X86</td></tr></tbody></table></td></tr></tbody></table><h2>Installation verification</h2><p>To check that this security update was applied correctly, follow these steps:</p><ol><li>Open the Visual Studio 2015 folder.</li><li>Locate the DiagnosticHub.StandardCollector.Runtime.dll file.</li><li>Verify that the file version is equal to or greater than <strong>14.0.27527</strong>.</li></ol></body></html>