KLA11998
Multiple vulnerabilities in Microsoft Developer Tools

Multiple vulnerabilities were found in Microsoft Developer Tools. Malicious users can exploit these vulnerabilities to spoof user interface, execute arbitrary code.

Below is a complete list of vulnerabilities:

1. A spoofing vulnerability in Azure DevOps Server and Team Foundation Services can be exploited to spoof user interface.
2. A tampering vulnerability in Visual Studio can be exploited to spoof user interface.
3. A remote code executeion vulnerability in Visual Studio Code can be exploited remotely to execute arbitrary code.

Microsoft Visual Studio 2019 version 16.8
Microsoft Visual Studio 2019 version 16.4 (includes 16.0 - 16.3)
Azure DevOps Server 2019 Update 1.1
Visual Studio Code
Microsoft Visual Studio 2019 version 16.0
Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)
Microsoft Visual Studio 2019 version 16.7 (includes 16.0 – 16.6)

Install necessary updates from the KB section, that are listed in your Windows Update (Windows Update usually can be accessed from the Control Panel)