Microsoft Fixes Two New Windows Bugs in Latest Security Update

Microsoft has launched two safety updates for Windows, as a way to deal with the safety points in Windows Codecs library and the Visual Studio Code software. The two updates come after Microsoft launched its month-to-month safety patch final week. This month, Microsoft mounted 87 vulnerabilities in its Windows working system for PCs. Both the brand new vulnerabilities in Windows Codecs library and Visual Studio Code software are ‘distant code execution’ flaws permitting attackers to execute code on impacted techniques remotely.

The Windows Codec library bug has been recognized as CVE-2020-17022. Microsoft has stated that utilizing this bug, the attacker can craft malicious photos that, when processed by an app operating on Windows, can permit an attacker to execute code on an unpatched Windows OS. All Windows 10 variations are impacted with this flaw. Microsoft stated that an replace for the Windows Codec library could be mechanically put in on customers’ computer systems by way of the Microsoft retailer. Only those that have put in the non-compulsory HEVC or “HEVC from Device Manufacturer media codes from the Microsoft Store have been affected. The HEVC is just out there by way of the Microsoft Store, and even the library shouldn’t be supported on Windows Server.

Users can test if they’re utilizing the HEVC code by going to Settings > Apps & Features > HEVC, Advanced Options.

The Visual Studio Code vulnerability, then again has been recognized as CVE-2020-17023. Microsoft stated that attackers can craft malicious .json filed, which might execute malicious code when loaded in Visual Studio Code. Microsoft stated that an attacker’s code might acquire administrator privileges and all full management over an contaminated host, relying on a person’s permissions. The ‘.json’ information are repeatedly used with JavaScript libraries and tasks. Users of the Visual Studio Code have been suggested to replace their app as quickly as attainable to the newest model.

Source link


Please enter your comment!
Please enter your name here