25.8 C
Thursday, October 22, 2020

Microsoft Fixes Two New Windows Bugs in Latest Security Update

Microsoft has released two security updates for Windows, in order to address the security issues in Windows Codecs library and the Visual Studio Code application. The two updates come after Microsoft released its monthly security patch last week. This month, Microsoft fixed 87 vulnerabilities in its Windows operating system for PCs. Both the new vulnerabilities in Windows Codecs library and Visual Studio Code application are ‘remote code execution’ flaws allowing attackers to execute code on impacted systems remotely.

The Windows Codec library bug has been identified as CVE-2020-17022. Microsoft has said that using this bug, the attacker can craft malicious images that, when processed by an app running on Windows, can allow an attacker to execute code on an unpatched Windows OS. All Windows 10 versions are impacted with this flaw. Microsoft said that an update for the Windows Codec library would be automatically installed on users’ computers via the Microsoft store. Only those who have installed the optional HEVC or “HEVC from Device Manufacturer media codes from the Microsoft Store have been affected. The HEVC is only available via the Microsoft Store, and even the library is not supported on Windows Server.

Users can check if they are using the HEVC code by going to Settings > Apps & Features > HEVC, Advanced Options.

The Visual Studio Code vulnerability, on the other hand has been identified as CVE-2020-17023. Microsoft said that attackers can craft malicious .json filed, which can execute malicious code when loaded in Visual Studio Code. Microsoft said that an attacker’s code could gain administrator privileges and all full control over an infected host, depending on a user’s permissions. The ‘.json’ files are regularly used with JavaScript libraries and projects. Users of the Visual Studio Code have been advised to update their app as soon as possible to the latest version.

Speak Your Mind


Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Get in Touch


Recommend for You

Aerosols vs. droplets: Researchers model the spread of the SARS-CoV-2 virus in various temperatures and relative humidities in typical indoor situations

Winter is on its way. And in this year of coronavirus, with it comes the potential for a second wave of COVID-19. Add in...

Turning diamond into metal: Normally an insulator, diamond becomes a metallic conductor when subjected to large strain in a new theoretical model

Long known as the hardest of all natural materials, diamonds are also exceptional thermal conductors and electrical insulators. Now, researchers have discovered a way...

Novel antiviral strategy for treatment of COVID-19

A research team led by Professor Hongzhe SUN, Norman & Cecilia Yip Professor in Bioinorganic Chemistry, Department of Chemistry, Faculty of Science, and Professor...

China hands out $1.5 million of its digital currency in one of the country’s biggest public tests

A Chinese clerk counts renminbi yuan banknotes at a bank in China on December 2015.Jie Zhao | Corbis News | Getty ImagesGUANGZHOU, China —...

Related Articles

In U.S.-China tech war, investors bet on China’s localisation...

SHANGHAI As the U.S.-China “tech war” widens, investors are betting on China’s efforts...

Facebook Messenger Gets a New Logo, Chat Themes, and...

Facebook Messenger is getting a new logo, chat themes, selfie stickers, and a vanish...

Facebook Announces Curbs On Internal Debate Of Political Issues

Facebook Inc on Thursday said it would update its internal discussion policies to impose...

Eyeing Amazon, Reliance buys Indian online pharmacy stake

Indian conglomerate Reliance has bought a majority stake in online...