CVE-2018-0785

Published: 09 Jan 2018
Source: msrc
EPSS: Low

Description

ASP.NET Core Cross Site Request Forgery Vulnerability

A Cross Site Request Forgery (CSRF) vulnerability exists when an ASP.NET Core web application is created using vulnerable project templates.

An attacker who successfully exploited this vulnerability could change the recovery codes associated with the victim's user account without his/her consent. As a result, a victim of this attack may be permanently locked out of his/her account after losing access to his/her 2FA device, as the initial recovery codes would no longer be valid.

The update corrects the ASP.NET Core project templates.

FAQ

What does the update do?

The update corrects the project templates for ####. The template updates only affect new applications. For this reason, Microsoft strongly recommends that developers who have built web applications using these templates take immediate action to evaluate their web applications for exposure to the vulnerability, and then use the workarounds in the Suggested Actions section to make code changes to update their applications to protect them from the vulnerability.

If you are running Visual Studio 2013, you need to use the workaround steps listed in the Suggested Actions section to update your applications manually every time you use the affected templates.

How do I apply the update?

  1. Start Visual Studio.
  2. Under the Tools menu, choose Extensions and Updates.
  3. Expand the Updates tree.
  4. Under Product Updates, locate the following two entries:
     • Microsoft ASP.NET and Web Tools
     • Microsoft ASP.NET Web Frameworks and Tools
  5. Select each update and click Update.

Suggested Actions

The following workaround information details the changes that you must make to existing applications created from the ASP.NET project templates.

Visual Studio 2015 MVC 5 and Visual Studio 2013 MVC 5

For C#

Updates

Product | Article | Update
ASP.NET Core 2.0

Exploitability

Publicly Disclosed: No
Exploited: No
Latest Software Release: Exploitation Unlikely
Older Software Release: Exploitation Unlikely

EPSS

Percentile: 83%
0.01924
Low

Related vulnerabilities

CVSS3: 6.5
nvd
more than 7 years ago

ASP.NET Core 1.0, 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability".

CVSS3: 6.5
github
about 3 years ago

ASP.NET Core 1.0, 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability".