This article helps you resolve the "This update requires Visual Studio 2015 Update 3 to be installed" error that occurs if a required cumulative servicing and performance update (KB3165756) to Visual Studio 2015 Update 3 is missing.
To apply this security update, you must have both Visual Studio 2015 Update 3 and the subsequent Cumulative Servicing Release KB 3165756 installed. Typically, KB 3165756 is installed automatically when you install Visual Studio 2015 Update 3. However, in some cases, you have to install the two packages separately.
Microsoft Visual Studio 2015 Update 3 security patch
We recommend that you close Visual Studio 2015 before you install this security update. Otherwise, you may have to restart the computer after you apply this security update if a file that is being updated is open or in use by Visual Studio.
To learn more about other related downloads, see the Downloads page. You can also access the bits and release notes right now on an Azure-hosted VM. You should be able to install this update on top of previous installations of Visual Studio 2015.
Vendor ReferencesCVE-2022-35777 - msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777
CVE-2022-35825 - msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825
CVE-2022-35826 - msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826
CVE-2022-35827 - msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827
CVEs related to QID 91932CVE-2022-35777 CVE-2022-35826 CVE-2022-35825 CVE-2022-35827 Software AdvisoriesAdvisory IDSoftwareComponentLinkCVE-2022-35777msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35777CVE-2022-35825msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35825CVE-2022-35826msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35826CVE-2022-35827msrc.microsoft.com/update-guide/vulnerability/CVE-2022-35827 By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].Array( [link] => -guide/vulnerability/CVE-2022-35827 [advisory_id] => CVE-2022-35827 [os_sw] => [component] => )Array( [qid] => 91932 [title] => Microsoft Visual Studio Security Update for August 2022 [severity] => 4 [description] => Microsoft has released security Updates for Visual Studio which resolves Remote Code Execution Vulnerabilities.Affected Software: Microsoft Visual Studio 2012 Update 5Microsoft Visual Studio 2013 Update 5Microsoft Visual Studio 2015 Update 3Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8)Microsoft Visual Studio 2019 version 16.9 (includes 16.0 - 16.8)Microsoft Visual Studio 2019 version 16.11 (includes 16.0 - 16.10)Microsoft Visual Studio 2022 Version 17.0 and Microsoft Visual Studio 2022 version 17.2 QID Detection Logic: Authenticated This QID detects vulnerable versions of Microsoft Visual Studio by checking the file version of the Visual Studio. [solution] => Customers are advised to refer to CVE-2022-35777, CVE-2022-35827, CVE-2022-35826, and CVE-2022-35825 for more information pertaining to these vulnerabilities. [consequence] => Vulnerable versions of Microsoft Visual Studio are prone to Remote Code Execution Vulnerabilities. [published] => Yes [date_insert] => 2022-08-09 [date_published] => 2022-08-10 [cve] => Array ( [0] => CVE-2022-35777 [1] => CVE-2022-35826 [2] => CVE-2022-35825 [3] => CVE-2022-35827 ) [vendor_refs] => Array ( [0] => Array ( [vendor_ref] => CVE-2022-35777 [vendor_ref_url] => -guide/vulnerability/CVE-2022-35777 ) [1] => Array ( [vendor_ref] => CVE-2022-35825 [vendor_ref_url] => -guide/vulnerability/CVE-2022-35825 ) [2] => Array ( [vendor_ref] => CVE-2022-35826 [vendor_ref_url] => -guide/vulnerability/CVE-2022-35826 ) [3] => Array ( [vendor_ref] => CVE-2022-35827 [vendor_ref_url] => -guide/vulnerability/CVE-2022-35827 ) ) [cvss_v2] => Array ( [basescore] => 9 [temporalscore] => 7 ) [cvss_v3] => Array ( [basescore] => 8.8 [temporalscore] => 7.9 ) [patches] => Array ( [0] => Array ( [link] => -guide/vulnerability/CVE-2022-35777 [advisory_id] => CVE-2022-35777 [os_sw] => [component] => ) [1] => Array ( [link] => -guide/vulnerability/CVE-2022-35825 [advisory_id] => CVE-2022-35825 [os_sw] => [component] => ) [2] => Array ( [link] => -guide/vulnerability/CVE-2022-35826 [advisory_id] => CVE-2022-35826 [os_sw] => [component] => ) [3] => Array ( [link] => -guide/vulnerability/CVE-2022-35827 [advisory_id] => CVE-2022-35827 [os_sw] => [component] => ) )) CVE.report 2023Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.
We've been using VS 2012 for about 4 years now. Recently however, the enterprise placed a Host Intrusion Protection System onto the machines we use. This HIPS causes use to get a HIPS error each time we try to install any Visual Studio 2012 updates on any of these machines. They recently applied for an exception for Visual Studio 2015 so we are able to install Visual Studio 2015 Enterprise version D14REL.
Seeing the updates which were available for VS 2015 we attempted to install Visual Studio 2015 Update 3. We first tried it on my old machine where we first had success installing VS 2015 Ent. D14REL. We were able to do this by going into Add/Remove Programs selecting VS 2015 Ent, selecting "change" and Selecting modify. Upon doing so we were given the option for selecting Update 3 in the install wizard. This worked fine and my old machine has VS 2015 Ent Update 3. Then another user got a download from the Microsoft site for Update 3. When He tried to install using an install disk created by the downloaded iso, at first his VS2015 was corrupted. Then he did a repair (again selecting update 3 from the components to be installed list.) This resulted in him having Update 3 installed. I tried to use the same disk on my new machine. However, the machine reported it did not see any disk in the DVD-RW disk drive. So we copied it onto a folder in the C:\ drive . We ran the installer Wizard. The wizard went through the acquiring all the necessary files quite rapidly. The it started doing Visual Studio 2015 preparation. As soon as this step completed it reported "Set up complete", and went to the end of the set up process. However, the about dialog on VS 2015 reported it was still at D14 REL. I tried doing a repair like the other guy. It just went to "Setup complete" in a short period of time after running "VS 2015 preparations" I tried doing a repair from Add/Remove Programs. Same behavior. I tried logging onto the machine with an administrator user, and running the install "as administrator". No difference. There are no HIPS errors, There are no logged errors reported. It just refuses to install.
Not possible. insufficient permissions as well as being against the rules. However there were no HIPS log entries as there are when HIPS blocks an install. In addition, since the HIPS policies are set enterprise wide, then the other people who have been able to complete this install as well as my install on my other machine would be experiencing the same issue, which they are not. between my and my colleague's machine there is no difference They were both newly imaged machines with the same image installed. Both were also newly tech refreshed machines. Between my old machine and this new machine there are considerable differences, different models of machine, different things previously installed (It had VS 2012 Professional Update 4 installed, SQL Server 2008R2 and SS2014 installed before the HIPS polices were put into place. However before the HIPS agency updated the policies, It was not able to install VS 2015 at all and there were HIPS errors printed into the log.
The KB Articles associated with the update:KB4541506KB4541510KB4540681KB4540689KB4540670KB4538461KB4541509KB4540673KB4540688KB4540693KB4540671QID Detection Logic:This QID checks for the file version of Mshtml.dllThe following versions of Mshtml.dll with their corresponding KBs are verified:KB4541506 - 9.0.8112.21422KB4541510 - 10.0.9200.22975KB4540681 - 11.0.16299.1747KB4540689 - 11.0.17134.1365KB4540670 - 11.0.14393.3564KB4541509 - 11.0.9600.19650KB4540688 - 11.0.9600.19650KB4540693 - 11.0.10240.18519ConsequenceAn attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system.SolutionPlease refer to the Security Update Guide for more information pertaining to these vulnerabilities.Patches:The following are links for downloading patches to fix these vulnerabilities:Microsoft Security Update Guide Windows
This security update contains the following KBs:KB4484240KB4484231KB4484268KB4484270KB4475602QID Detection Logic:This authenticated QID checks the file versions from above Microsoft KB article with the versions on affected office system.NOTE: Microsoft released ADV200004 in April 2020 for which the fix was included in March updates.ConsequenceSuccessful exploitation allows an attacker to execute code remotely.SolutionRefer to Microsoft Security Guidance for more details pertaining to this vulnerability.Patches:The following are links for downloading patches to fix these vulnerabilities:Microsoft Office and Microsoft Office Services and Web Apps Security Update March 2020 2ff7e9595c
Comments