Domain Registration
  1. Home
  2. Breaking News
  3. Microsoft releases emergency security updates for Windows and Visual Studio

Microsoft releases emergency security updates for Windows and Visual Studio

  • October 17, 2020
windows.png

Microsoft has published today two out-of-band security updates to address security issues in the Windows Codecs library and the Visual Studio Code application.



Windows 10 security: ‘So good, it can block zero-days without being patched’

Systems running the Windows 10 Anniversary Update were shielded from two exploits even before Microsoft had issued patches for them, its researchers have found.

Read More

The two updates come as late arrivals after the company released its monthly batch of security updates earlier this week, on Tuesday, patching 87 vulnerabilities this month.

Both new vulnerabilities are “remote code execution” flaws, allowing attackers to execute code on impacted systems.

Windows Codecs Library vulnerability

The first bug is tracked as CVE-2020-17022. Microsoft says that attackers can craft malicious images that, when processed by an app running on top of Windows, can allow the attacker to execute code on an unpatched Windows OS.

All Windows 10 versions are impacted.

Microsoft said an update for this library would be automatically installed on user systems via the Microsoft Store.

Not all users are impacted, but only those who have installed the optional HEVC or “HEVC from Device Manufacturer” media codecs from Microsoft Store.

HEVC is not available for offline distribution and is only available via the Microsoft Store. The library is also not supported on Windows Server.

To check and see if you’re using a vulnerable HEVC codec, users can go to Settings, Apps Features, and select HEVC, Advanced Options. The secure versions are 1.0.32762.0, 1.0.32763.0, and later.

Visual Studio Code vulnerability

The second bug is tracked as CVE-2020-17023. Microsoft says attackers can craft malicious package.json files that, when loaded in Visual Studio Code, can execute malicious code.

Depending on the user’s permissions, an attacker’s code could execute with administrator privileges and allow them full control over an infected host.

Package.json files are regularly used with JavaScript libraries and projects. JavaScript, and especially its server-side Node.js technology, are one of today’s most popular technologies.

Visual Studio Code users are advised to update the app as soon as possible to the latest version.































Article source: https://www.zdnet.com/article/microsoft-releases-emergency-security-updates-for-windows-and-visual-studio/#ftag=RSSbaffb68

Related News

Search

Get best offer

Booking.com

Top Suggestion

Best WordPress Plugin Development Company
Website Development Company
Website Designing Company
eCommerce Development Company
Top SEO Service Provider
WordPress Development
WordPress Development
PSD to WordPress
HTML to WordPress
Theme Customization
WordPress Plugin Customization

%d bloggers like this: