Microsoft has released two security updates for Windows to address security issues with the Windows Codec Library and Visual Studio Code applications.

Microsoft has fixed two new Windows bugs with the latest security update

submited by
Style Pass
2020-10-20 06:54:39

Microsoft has released two security updates for Windows to address security issues with the Windows Codec Library and Visual Studio Code applications. The two updates will come after Microsoft released a monthly security patch last week. This month, Microsoft fixed 87 vulnerabilities in the Windows operating system for PCs. Both new vulnerabilities in the Windows codec library and the Visual Studio Code application are flaws in “remote code execution” that allow an attacker to execute code remotely on an affected system.

A bug in the Windows codec library has been identified as CVE-2020-17022. Microsoft states that the bug could allow an attacker to create a malicious image and process it in an app running on Windows to execute code on an unpatched Windows OS. All Windows 10 versions are affected by this flaw. According to Microsoft, Windows codec library updates are automatically installed on your computer through the Microsoft Store. Only users who have installed the optional HEVC or “Microsoft Store Device Manufacturer HEVC” media code will be affected. HEVC is only available from the Microsoft Store, and even libraries are not supported on Windows Server.

Meanwhile, the Visual Studio Code vulnerability has been identified as CVE-2020-17023. According to Microsoft, an attacker could create a malicious .json file that could execute malicious code when loaded into Visual Studio Code. According to Microsoft, the attacker’s code could gain administrator privileges and full control over the infected host, depending on the user’s privileges. The’.json’ file is used regularly in JavaScript libraries and projects. Visual Studio Code users are encouraged to update their apps to the latest version as soon as possible.

Leave a Comment