OnlyFm252
Visual Studio

CVE-2019-1077 — Visual Studio Elevation of Privilege Vulnerability

Important EPSS 0.01755 2019-07 archive

Executive Summary

An elevation of privilege vulnerability exists when the Visual Studio updater service improperly handles file permissions. An attacker who successfully exploited this vulnerability overwrite arbitrary files with XML content in the security context of the local system. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability. The update addresses the vulnerability by correcting how the Visual Studio updater handles permissions.

Overview

Important
MS Severity
Not Exploited
MS Exploit Status
Less Likely
MS Exploit Likelihood
Category Elevation of Privilege
Released Jul 9 2019
Last Updated Jul 9 2019
Publicly Disclosed No
CISA KEV Not Listed
Known Exploits None Known
EPSS Score 0.01755 — 0.7502 percentile

EPSS Score

0.01755
probability of exploitation in the next 30 days
0.7502 percentile - updated 2026-06-20
View on FIRST.org

Affected Products

3 affected products
Product KB Article Severity Impact Restart Required
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) Release Notes (Security Update) Release Notes (Security Update) Release Notes (Security Update) Important Elevation of Privilege Maybe
Microsoft Visual Studio 2019 version 16.0 Release Notes (Security Update) Release Notes (Security Update) Release Notes (Security Update) Important Elevation of Privilege Maybe
Microsoft Visual Studio 2019 version 16.1 Release Notes (Security Update) Release Notes (Security Update) Release Notes (Security Update) Important Elevation of Privilege Maybe

Patches

1 patch
Article Type Restart
Release Notes (Security Update) Release Notes (Security Update) Release Notes Security Update Maybe

Known Exploits

Acknowledgments

@rwincey ) of Securifera

On This Page