Description of the security update for the information disclosure vulnerability in Visual Studio 2012 Update 5: April 12, 2018

Applies to: Visual Studio 2012


An information disclosure vulnerability exists if Visual Studio incorrectly discloses the contents of its memory. An attacker who exploits this vulnerability could view uninitialized memory from the computer that is used to compile a program database file.

To learn more about the vulnerability, go to CVE-2019-0537.

How to obtain and install the update

Method 1: Microsoft Download

The following file is available for download:

Download Download the hotfix package now.

Method 2: Microsoft Update Catalog

To get the stand-alone package for this update, go to the Microsoft Update Catalog website.

More information


To apply this security update, you must have Visual Studio 2012 Update 5 installed.

Restart requirement

You may have to restart the computer after you apply this security update if an instance of Visual Studio is being used.

Security update replacement information

This security update doesn't replace other security updates.

Issues that are fixed in this security update

This security update addresses the PDB issue that is described in CVE-2018-1037, in which a PDB file may contain uninitialized heap content in a process that updates an existing PDB file, such as mspdbsrv.exe. We strongly recommend that you use the updated PDBCopy tool to check every existing PDB that you intend to share or distribute.

File information

File hash information

File name SHA1 hash SHA256 hash
VS11-KB4089501.exe 2BCF6F07640CE853BD95FE9960C8D6460CF855D0 CD4991BEFA4D0E80D35699B8F55B0C91D08F7D8D8BD26C1B148A43D325C1CCFE