Recently, Microsoft has found 2 serious remote code Windows vulnerabilities which could majorly affect the Windows Codecs Library and Visual Studio Code. Fortunately, the patches were quickly detected and resolved, before it could make an impact on the system.
Both the patches are defined as "important" by Microsoft and result in a 7.8 score out of 10, in the Common Vulnerabilities Scoring System. The patches were classified as "CVE-2020-17022- Codec Library" and "CVE-2020-17023- Visual Studio Code".
It is important to note that everyone is not a victim of these patches. It was observed that people running default Windows 10 at the general configurations don't get affected by the Codec Library vulnerability. Besides, users with installed optional HEVC (High-Efficiency Video Coding) or HEVC from Manufacturer, are found with the mentioned vulnerabilities. Moreover, systems with Windows 10, version 1709 or up are a part of the patches.
For the latter vulnerability, CVE-2020-17023 is a little tricky one with having users click on a malware .json file. The users need to duplicate the repository and review it in the Visual Studio Code. This way the patches will change to handle the .json files and fix the issue— explained by Microsoft.
"Affected customers will be automatically updated by Microsoft Store. Customers do not need to take any action to receive the update,"
CISA (The United States Cyber security and Infrastructure Agency) has also appealed to people to update their systems accordingly.
Stay connected with ISOEH (Indian School of Ethical Hacking) and gets all the updated cyber security news.
Stay safe from the cyber-attacks!