Date: 2020-10-19

Microsoft has just urgently released two new Windows 10 updates. They fix security vulnerabilities that affect the Windows Codecs Library and Visual Studio Code.

The situation is interesting because these two security updates land just days after the company's major maintenance release: the October Patch Tuesday took place on October 13th. The patches fix so-called “remote code execution” vulnerabilities in two components, namely the Windows Codecs Library and Visual Studio Code.

The availability of these updates has been announced by CISA. The Cybersecurity and Infrastructure Security Agency is affiliated with the US Department of Homeland Security. The announcement was made through a notice on its website. It recommends that administrators patch their devices as soon as possible. The notice reads:

“Microsoft has released security updates to address remote code execution vulnerabilities in the Windows Codecs Library and Visual Studio Code. An attacker could exploit these vulnerabilities to take control of an affected system. CISA encourages users and administrators to read Microsoft Security Advisory CVE-2020-17022 and CVE-2020-17023 and apply any necessary updates.”

These new CVE notices were released by Microsoft on October 15th.

Windows 10 and CVE-2020-17022 / CVE-2020-17023

CVE-2020-17022 – Remote Code Execution Vulnerability in Microsoft Windows Codecs Library

CVE-2020-17023 – Remote Code Execution Vulnerability in Visual Studio JSON

In the first case, Microsoft states that the attacker must convince the victim to open a specially crafted file. Arbitrary code can then be executed. The update fixes the problem by changing the way the library handles objects in memory. This vulnerability affects all versions of Windows 10, including the May 2020 update. It is rated as an “Important” security issue.

Regarding the Visual Studio Code vulnerability, a successful attack requires a malicious package.json file. Although this is obviously a more complex attack, the attacker can take control of the system if the prerequisites are met. The victim must be logged in with administrator rights. The attacker can then install programs, view, change or delete data, and create new accounts with full user rights.

This flaw is also rated Important. The good news is that no attack is known to exploit these flaws.