India Markets closed

Microsoft Fixes Two New Windows Bugs in Latest Security Update

News18
·2-min read

Microsoft has released two security updates for Windows, in order to address the security issues in Windows Codecs library and the Visual Studio Code application. The two updates come after Microsoft released its monthly security patch last week. This month, Microsoft fixed 87 vulnerabilities in its Windows operating system for PCs. Both the new vulnerabilities in Windows Codecs library and Visual Studio Code application are 'remote code execution' flaws allowing attackers to execute code on impacted systems remotely.

The Windows Codec library bug has been identified as CVE-2020-17022. Microsoft has said that using this bug, the attacker can craft malicious images that, when processed by an app running on Windows, can allow an attacker to execute code on an unpatched Windows OS. All Windows 10 versions are impacted with this flaw. Microsoft said that an update for the Windows Codec library would be automatically installed on users' computers via the Microsoft store. Only those who have installed the optional HEVC or "HEVC from Device Manufacturer media codes from the Microsoft Store have been affected. The HEVC is only available via the Microsoft Store, and even the library is not supported on Windows Server.

Users can check if they are using the HEVC code by going to Settings > Apps & Features > HEVC, Advanced Options.

The Visual Studio Code vulnerability, on the other hand has been identified as CVE-2020-17023. Microsoft said that attackers can craft malicious .json filed, which can execute malicious code when loaded in Visual Studio Code. Microsoft said that an attacker's code could gain administrator privileges and all full control over an infected host, depending on a user's permissions. The '.json' files are regularly used with JavaScript libraries and projects. Users of the Visual Studio Code have been advised to update their app as soon as possible to the latest version.