question

sebbyv-6983 avatar image
0 Votes"
sebbyv-6983 asked TianyuSun-MSFT edited

Vulnerabilities in Visual Studio

Hello,

I ran a Nessus vulnerbility scan against many of my machines.
The Nessus scanner found a bunch of different vulnerbilites due to VS2015 and VS2019.
VS is showing it is up to date on the workstations.

When I go to the KB's that the scanner indicates I need to install, they are all .exe's.
- Is it possible to deploy these to my workstations remotely?
Usually updates are .msi's.
Here is a example: https://www.catalog.update.microsoft.com/Search.aspx?q=5001292


Can someone explain why these are not coming down via Windows updates or when you update Visual Studio?

Thank you!

vs-general
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

TianyuSun-MSFT avatar image
0 Votes"
TianyuSun-MSFT answered TianyuSun-MSFT edited

Hello @sebbyv-6983 ,

Welcome to Microsoft Q&A forum.

For VS 2019, the security updates are included in the newly updates. If you update VS 2019, VS 2019 will automatically install the security updates.

For VS 2015, as it’s an old version of VS, some sources may need to be installed separately and some sources have been removed from Microsoft Download Center, and parts of them are available at Downloads – Visual Studio Subscriptions Portal. Meanwhile, there may be some limitations, if you check this document: UPDATE: SHA-1 signed content to be retired, “These products can be installed from ISO images available at XXXXX”, so for VS 2015, get .msi files of Security Update may be a little hard.

For remote deploy, have you checked this document: Visual Studio administrator guide – Step 3 – Deploy updates?

Best Regards,
Tianyu


If the answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.