Visual Studio 2017 version 15.3 released

New version of popular integrated development environment available
17 August 2017   2026

Visual Studio 2017 is now version 15.3. The release date сoincided with the release of .NET Core 2.0.

What's new in the release? 

  • Accessibility Improvements make Visual Studio more accessible than ever.
  • Azure Function Tools are included in the Azure development workload. You can develop Azure Function applications locally and publish directly to Azure.
  • You can now build applications in Visual Studio 2017 that run on Azure Stack and government clouds, like Azure in China.
  • Improved .NET Core development support for .NET Core 2.0, and Windows Nano Server containers.
  • In Visual Studio IDE, team improved Sign In and Identity, the start page, Lightweight Solution Load, and setup CLI. Refactoring, code generation and Quick Actions were improved too.
  • The Visual Studio Editor has better accessibility due to the new ‘Blue (Extra Contrast)’ theme and improved screen reader support.
  • Improved the Debugger and diagnostics experience. This includes Point and Click to Set Next Statement. Nested values in variable window were refreshed, and made Open Folder debugging improvements.
  • Xamarin has a new standalone editor for editing app entitlements.
  • The Open Folder and CMake Tooling experience is updated. You can now use CMake 3.8.
  • Improvements to the IntelliSense engine, and to the project and the code wizards for C++ Language Services.
  • Visual C++ Toolset supports command-prompt initialization targeting.
  • Added the ability to use C# 7.1 Language features.
  • You can install TypeScript versions independent of Visual Studio updates.
  • Added support for Node 8 debugging.
  • NuGet has added support for new TFMs (netcoreapp2.0, netstandard2.0, Tizen), Semantic Versioning 2.0.0, and MSBuild integration of NuGet warnings and errors.
  • Visual Studio now offers .NET Framework 4.7 development tools to supported platforms with 4.7 runtime included.
  • Added clusters of related events to the search query results in the Application Insights Search tool.
  • Improved syntax support for SQL Server 2016 in Redgate SQL Search.
  • Support for Microsoft Graph APIs in Connected Services.

Top Fixes

The creators of Visual Studio listened to the communities feedback and fixed 10 most voted issues in this release

  • Dark theme fails to load after F# install.
  • Visual Studio installer update causes endless loop.
  • List of recent projects not displayed correctly.
  • Cannot add a name to a new Custom Profile.
  • Moving DSL extension from Visual Studio 2015 to Visual Studio 2017 gives runtime error.
  • Try...catch block throws 'TextBuffer edit operation while another edit is in progress' error message.
  • Visual Studio self-signed certificate not accepted in Chrome 58.
  • Publish fails with 'All build submissions in a build must use project instances originating from the same project collection'.
  • 'Scanning new and updated MEF componets' runs every time Visual Studio 2017 is launched and slows startup time.
  • Page loads are slow when debugging Visual Studio 2017 locally.

Learn more at official blog.

Ledger to Discover HSM Vulnerability

HSM is an external device designed to store public and private keys used to generate digital signatures and to encrypt data, used by banks, exchanges, etc
10 June 2019   1675

A group of researchers from Ledger identified several vulnerabilities in the Hardware Security Module (HSM) devices, which can be used to extract keys or perform a remote attack to replace the firmware of an HSM device. The problem report is currently available only in French, the English-language report is scheduled to be published in August during the Blackhat USA 2019 conference. HSM is a specialized external device designed to store public and private keys used to generate digital signatures and to encrypt data.

HSM allows you to significantly increase protection, as it completely isolates keys from the system and applications, only by providing an API to perform basic cryptographic primitives implemented on the device side. Typically, HSM is used in areas where you need to provide the highest protection, for example, in banks, cryptocurrency exchanges, certification centers for checking and generating certificates and digital signatures.

The proposed attack methods allow an unauthenticated user to gain complete control over the contents of the HSM, including extracting all the cryptographic keys and administrative credentials stored on the device. The problems are caused by a buffer overflow in the internal PKCS # 11 command handler and an error in the implementation of the cryptographic protection of the firmware, which bypasses the firmware check using the PKCS # 1v1.5 digital signature and initiates loading the own firmware in the HSM.

The name of the manufacturer, the HSM devices of which have vulnerabilities, has not yet been disclosed, but it is argued that the problem devices are used by some large banks and cloud service providers. At the same time it is reported that information about the problems was previously sent to the manufacturer and it has already eliminated vulnerabilities in the fresh firmware update. Independent researchers suggest that the problem may be in the devices of the company Gemalto, which in May released an update to Sentinel LDK with the elimination of vulnerabilities, access to information about which is still closed.