Microsoft 2 Critical Updates Unplanned

Microsoft released two updates unprogrammed to address security issues in the Windows Codecs library and the Visual Studio Code application.

The two updates come after the monthly release of security updates last Tuesday, which corrected 87 vulnerabilities.

Both new vulnerabilities allow remote code execution.

The first error has been documented as CVE-2020-17022 and Microsoft states that attackers can create malicious images that, when processed by a Windows application, can allow an attacker to run code on of Windows.

All versions of Windows 10 are affected.

Microsoft has stated that an update to this library will be automatically installed on users' systems through the Microsoft Store.

Not all users are affected, but only those who have installed the optional HEVC or "HEVC from Device Manufacturer" media encoders from the Microsoft Store.

HEVC is only available through the Microsoft Store. This library is also not supported on Windows .

To check and see if you are using a vulnerable HEVC encoder, you can look in Settings, Applications and Features. Select HEVC, Advanced Options. Secure versions are 1.0.32762.0, 1.0.32763.0 or later.

The second error has been documented as CVE-2020-17023 and Microsoft reports that attackers can create malicious package.json which, when loaded into Visual Studio Code, can run malicious code.

Depending on the user's permissions, the attacker's code could run with administrative privileges and give them full control of an infected host .

Package.json files are regularly used with libraries and JavaScript projects. JavaScript, and especially Node.js server-side technology, is one of the most popular technologies today.

Of course, Visual Studio Code users are advised to update the application to the latest version as soon as possible.

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).