Microsoft released a new update (version 15.5.3) for its existing Visual Studio 2017 installation. If you are currently using Visual Studio 2017, you may like to update it, as it contains few fixes on top of the previous build.
If you like to check, what has been fixed in this new update, here's a list of these fixes. Don't forget to check the 'Known Issues' section.
Top Issues fixed in version 15.5.3
Microsoft Visual Studio 2017 version 15.5.3, released on 9th January 2018, contains the following important fixes:
Microsoft Security Advisories for .NET Core
CVE-2018-0786 Security Feature Bypass in X509 Certificate Validation Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of .NET Core 1.0 and 1.1, and 2.0. This advisory also provides guidance on what developers can do to update their applications correctly. This security advisory is also applicable to .NET native for UWP.
Microsoft is aware of a security vulnerability in the public versions of .NET Core where an attacker could present a certificate that is marked invalid for a specific use, but a component uses it for that purpose. This action disregards the Enhanced Key Usage tagging.
The security update addresses the vulnerability by ensuring that .NET Core components completely validate certificates. System administrators are advised to update their .NET Core runtimes to versions 1.0.9, 1.1.6 and 2.0.5. Developers are advised to update their .NET Core SDK to version 2.1.4 or 1.1.7.
Do you know? The book 'Mastering Visual Studio 2017' is now available on Amazon and Flipkart?
CVE-2018-0764 Denial of Service when parsing XML documents Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of .NET Core 1.0 and 1.1, and 2.0. This advisory also provides guidance on what developers can do to update their applications correctly.
Microsoft is aware of a Denial of Service vulnerability in all public versions of .NET core due to improper processing of XML documents. An attacker who successfully exploited this vulnerability could cause a denial of service against a .NET application. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to a .NET Core application.
The update addresses the vulnerability by correcting how .NET core handles XML document processing. System administrators are advised to update their .NET Core runtimes to versions 1.0.9, 1.1.6 and 2.0.5. Developers are advised to update their .NET Core SDK to version 2.1.4 or 1.1.7.