Microsoft Ships Visual Studio Code 1.128.1 to Patch Critical Flaws
The updated editor brings GA multimodal Copilot, Claude agent multi-chat, and enterprise telemetry controls, but the security patch is what matters most right now.
Microsoft has now released Visual Studio Code 1.128.1, a follow-up to the July 8 rollout that patches three critical security flaws discovered just days after launch. The initial 1.128 update was already packed with aggressive AI integrations and enterprise management controls. This rapid security turnaround serves as a necessary dose of reality for agentic IDEs.
The base 1.128 release pushed VS Code further into the AI-driven development space. Microsoft enabled multi-chat agent sessions for Claude, moved Copilot Vision to general availability, and rolled out OpenTelemetry telemetry management for IT admins. If you're running the base version, you've probably already noticed the new Agents window behavior. Keep in mind that 1.128.1 ships exclusively to address those three security vulnerabilities before anyone could exploit them in production.
The security patch itself does not rewrite the interface. It tightens Copilot token handling to stop credential leaks, blocks a workspace trust bypass that let untrusted folders execute restricted commands, and fixes a cross-origin worker issue that could trigger unintended code execution. GitHub's security researchers filed the patches on July 14, and the development team moved fast enough to close them the same day.
What Actually Changed in the Code
Beyond the fixes, the underlying 1.128 update fundamentally changes how you interact with AI tools inside the editor. The new multi-chat agent sessions let you fork a main Claude conversation, run a parallel chat for tests, and branch off again, all within a single harness. You navigate between them with standard keyboard shortcuts depending on your OS. Next, the quick chat feature removes the workspace requirement entirely, letting you ask AI questions before even opening a project folder.
Copilot Vision landing as GA means you can paste images and PDFs directly into chat without jumping through beta portals. Microsoft confirmed the feature now works across Free, Pro, and Enterprise tiers with no admin policy tweaks required. The catch for Business and Enterprise users is that GitHub retains those attachments for roughly 24 hours before clearing them out. The VS Code team described the multi-chat update as a step toward an AI-native environment where you can juggle multiple agent threads without losing your place.
Enterprise IT gets the longer end of the stick with OpenTelemetry export management and BYOK model support. You can finally dictate where Copilot sends telemetry, force a custom endpoint model to use specific temperature values, or completely disable built-in utility models like commit message generation when running with your own API keys. The agents window also respects OS-level system shortcuts now, so you can summon it from any application without switching focus first.
It's a rather aggressive push toward a fully agentic workflow, though the learning curve for managing sampling parameters and telemetry endpoints might give pause to casual users. However, at the same time, the multi-chat navigation and quick chats lower the barrier for developers who just want to bounce ideas off an AI without booting a whole repo. The push for native agentic features puts Microsoft directly in the crosshairs with Cursor and Windsurf, both of which have spent years building their own multi-session architectures. It's a costly arms race for tooling vendors, and VS Code is finally answering with built-in Claude support and tighter telemetry controls.
The Patch Tuesday Reality Check
The rapid release of 1.128.1 highlights a common pattern with AI-heavy software updates. You get shiny multimodal features and enterprise telemetry controls, then a security review uncovers credential handling gaps and trust boundary leaks. Microsoft's team addressed all three issues within days, but it's a reminder that agentic IDEs are still figuring out their security posture as they scale.
You can grab the 1.128.1 update directly from the official download page for Windows x64, Mac Universal, or Linux archives. If you're on an existing 1.128 installation, the editor will prompt you to update automatically within the next sync cycle. Head here to track the individual commit fixes and contributor credits from the security review.
