What is CVE-2023-23381?

CVE-2023-23381 is a remote code execution vulnerability in Visual Studio.

How severe is CVE-2023-23381?

CVE-2023-23381 has a severity rating of 7.8 out of 10, which is considered critical.

Which versions of Visual Studio are affected by CVE-2023-23381?

CVE-2023-23381 affects Visual Studio 2017 (includes 15.0 - 15.8), Visual Studio 2022 (versions 17.4, 17.2, and 17.0), Visual Studio 2019 (includes 16.0 - 16.10), Visual Studio 2015, and Visual Studio 2013.

How do I fix CVE-2023-23381 in Visual Studio 2017?

To fix CVE-2023-23381 in Visual Studio 2017, update to version 15.9 or later.

Where can I find the patch for CVE-2023-23381 in Visual Studio 2022?

You can find the patch for CVE-2023-23381 in Visual Studio 2022 version 17.4 at https://my.visualstudio.com/Downloads?q=Visual%20Studio%202022%20version%2017.4.

Vulnerability/
CVE-2023-23381

high

7.8

CWE

122

14/2/2023

1/1/2025

CVE-2023-23381: Visual Studio Remote Code Execution Vulnerability

First published: Tue Feb 14 2023(Updated: )

Visual Studio Remote Code Execution Vulnerability

Credit: secure@microsoft.com secure@microsoft.com

Affected Software	Affected Version	How to fix
Microsoft Visual Studio 2017 (includes 15.0 - 15.8)	=15.9	fix available externally
Microsoft Visual Studio 2019 (includes 16.0 - 16.10)	=16.11	fix available externally
Microsoft Visual Studio	=5	fix available externally
Microsoft Visual Studio	=17.2	fix available externally
Microsoft Visual Studio	=3	fix available externally
Microsoft Visual Studio	>=15.0<15.9.52
Microsoft Visual Studio	>=16.0<16.11.24
Microsoft Visual Studio	>=17.0<17.0.19
Microsoft Visual Studio	>=17.2<17.2.13
Microsoft Visual Studio	>=17.4<17.4.5
Microsoft Visual Studio	=17.0	fix available externally
Microsoft Visual Studio	=17.4	fix available externally

Remedy

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381

Never miss a vulnerability like this again

Reference Links

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23381 (Advisory)

Frequently Asked Questions

What is CVE-2023-23381?
CVE-2023-23381 is a remote code execution vulnerability in Visual Studio.
How severe is CVE-2023-23381?
CVE-2023-23381 has a severity rating of 7.8 out of 10, which is considered critical.
Which versions of Visual Studio are affected by CVE-2023-23381?
CVE-2023-23381 affects Visual Studio 2017 (includes 15.0 - 15.8), Visual Studio 2022 (versions 17.4, 17.2, and 17.0), Visual Studio 2019 (includes 16.0 - 16.10), Visual Studio 2015, and Visual Studio 2013.
How do I fix CVE-2023-23381 in Visual Studio 2017?
To fix CVE-2023-23381 in Visual Studio 2017, update to version 15.9 or later.
Where can I find the patch for CVE-2023-23381 in Visual Studio 2022?
You can find the patch for CVE-2023-23381 in Visual Studio 2022 version 17.4 at https://my.visualstudio.com/Downloads?q=Visual%20Studio%202022%20version%2017.4.

collector/msrc
agent/type
agent/references
agent/severity
agent/remedy
agent/title
agent/description
agent/first-publish-date
collector/msrc-cve
source/Microsoft
agent/softwarecombine
agent/software-canonical-lookup
agent/event
agent/weakness
agent/author
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/tags
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
collector/nvd-index
vendor/microsoft
canonical/microsoft visual studio 2017 (includes 15.0 - 15.8)
version/microsoft visual studio 2017 (includes 15.0 - 15.8)/15.9
canonical/microsoft visual studio 2019 (includes 16.0 - 16.10)
version/microsoft visual studio 2019 (includes 16.0 - 16.10)/16.11
canonical/microsoft visual studio
version/microsoft visual studio/5
version/microsoft visual studio/17.2
version/microsoft visual studio/3
version/microsoft visual studio/15.0
version/microsoft visual studio/16.0
version/microsoft visual studio/17.0
version/microsoft visual studio/17.4