Microsoft has released two security updates for Windows to address security issues with the Windows Codec Library and Visual Studio Code applications. The two updates will come after Microsoft released a monthly security patch last week. This month, Microsoft fixed 87 vulnerabilities in the Windows operating system for PCs. Both new vulnerabilities in the Windows codec library and the Visual Studio Code application are flaws in “remote code execution” that allow an attacker to execute code remotely on an affected system.
A bug in the Windows codec library has been identified as CVE-2020-17022. Microsoft states that the bug could allow an attacker to create a malicious image and process it in an app running on Windows to execute code on an unpatched Windows OS. All Windows 10 versions are affected by this flaw. According to Microsoft, Windows codec library updates are automatically installed on your computer through the Microsoft Store. Only users who have installed the optional HEVC or “Microsoft Store Device Manufacturer HEVC” media code will be affected. HEVC is only available from the Microsoft Store, and even libraries are not supported on Windows Server.