Microsoft has released two out of band security updates to address security issues for the Windows Codec Library and the Visual Studio Code application. Both updates come after the company released its monthly batch of security updates last Tuesday, fixing 87 vulnerabilities this month.
Both of these new vulnerabilities are “remote code execution” vulnerabilities, allowing attackers to execute code on affected systems.
Windows Codec Library Vulnerability
The first bug is tracked as CVE-2020-17022. Microsoft claims that attackers can create malicious images which, when processed by an application running on Windows, can allow the attacker to execute code on an unpatched Windows operating system.
All versions of Windows 10 are affected. Microsoft has stated that an update for this library will be automatically installed on users’ systems through the Microsoft Store.
Not all users are affected, but only those who have installed the optional HEVC or “HEVC from Device Manufacturer” media codecs from Microsoft Store. HEVC is not available for offline distribution and is only available through the Microsoft Store. The library is also not supported on Windows Server.
To check and see if you are using a vulnerable HEVC codec, users can go to Settings, Apps ; Features, and select HEVC, Advanced Options. The secure versions are 1.0.32762.0, 1.0.32763.0 and later.
Visual Studio code vulnerability
The second bug is tracked as CVE-2020-17023. Microsoft claims that attackers can create malicious packet .json files which, when loaded into Visual Studio code, can execute malicious code.
Depending on the user’s permissions, an attacker’s code could run with the privileges of an administrator and allow him full control of an infected host. Package.json files are regularly used with JavaScript libraries and projects. JavaScript, and in particular its server-side Node.js technology, is one of the most popular technologies today.
Visual Studio Code users are advised to update the app as soon as possible to the latest version.
Source : “ZDNet.com”
(function(d, s, id) var js, fjs = d.getElementsByTagName(s)[0]; if (d.getElementById(id)) return; js = d.createElement(s); js.id = id; js.src = "https://connect.facebook.net/fr_FR/all.js#appId=243265768935&xfbml=1"; fjs.parentNode.insertBefore(js, fjs); (document, 'script', 'facebook-jssdk'));
Source link by https://www.zdnet.fr/actualites/microsoft-publie-des-mises-a-jour-de-securite-d-urgence-pour-windows-et-visual-studio-39911533.htm
*The article has been translated based on the content of Source link by https://www.zdnet.fr/actualites/microsoft-publie-des-mises-a-jour-de-securite-d-urgence-pour-windows-et-visual-studio-39911533.htm
. If there is any problem regarding the content, copyright, please leave a report below the article. We will try to process as quickly as possible to protect the rights of the author. Thank you very much!
*We just want readers to access information more quickly and easily with other multilingual content, instead of information only available in a certain language.
*We always respect the copyright of the content of the author and always include the original link of the source article.If the author disagrees, just leave the report below the article, the article will be edited or deleted at the request of the author. Thanks very much! Best regards!
These were the details of the news Microsoft releases emergency security updates for Windows and Visual Studio for this day. We hope that we have succeeded by giving you the full details and information. To follow all our news, you can subscribe to the alerts system or to one of our different systems to provide you with all that is new.
It is also worth noting that the original news has been published and is available at en24news and the editorial team at AlKhaleej Today has confirmed it and it has been modified, and it may have been completely transferred or quoted from it and you can read and follow this news from its main source.