Description of the security update for the information disclosure vulnerability in Visual Studio 2010 Service Pack 1: April 10, 2018

Notice

Starting on March 10, 2020, Microsoft Update is now offering this security update to additional versions of the Windows OS.

An information disclosure vulnerability exists if Visual Studio incorrectly discloses the contents of its memory. An attacker who exploits the vulnerability could view uninitialized memory from the computer that is used to compile a program database file.

To learn more about the vulnerability, see CVE-2018-1037.

The following file is available for download:

Download Download the hotfix package now.

To get the standalone package for this update, go to the Microsoft Update Catalog website.

Prerequisites

To apply this security update, you must have Visual Studio 2010 Service Pack 1 installed.

Restart requirement

You may have to restart the computer after you apply this security update if an instance of Visual Studio is being used.

Security update replacement information

This security update doesn't replace other security updates.

Issues that are fixed in this security update

This hotfix addresses the PDB security issue that is described in CVE-2018-1037, where PDB file may contain uninitialized heap content in a process that updates an existing PDB file, like mspdbsrv.exe. We strongly recommend that you use the updated PDBCopy tool to check every existing PDB that is shared or distributed for this vulnerability.

Help for protecting your Windows-based computer from viruses and malware: Microsoft Secure
Local support according to your country: International Support

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Any additional feedback? (Optional)

Thank you for your feedback!

×