A few days ago, we reported here that Microsoft launched what is called Patch Tuesday, for this month of October 2020. However, the company announced yesterday that it has fixed two serious security holes in Windows that allow users malicious people to take control of the third party system. These two vulnerabilities are directly associated with the HEVC and Visual Studio Code codecs.
The first case is identified with CVE-2020-17022, and can be found in the Microsoft Windows Codec Library and in How to Handle Files in Memory; the operation essentially requires the processing of an image file – specially packaged – which allows the execution of arbitrary code. Microsoft has already released an update that can be downloaded directly from the Store to find the latest version of the HEVC codec.
The second security flaw, identified as CVE-2020-17023, concerns Visual Studio Code and more specifically the management of JSON files. The vulnerability, in this case, is very easy to exploit: the user only needs to open an infected JSON file to allow third parties to take complete control of the system remotely.
Microsoft fixes two serious security flaws in Windows
The last Patch Tuesday fixed several issues on Windows systems: in addition to the ones shown above, Microsoft had to fix another serious Outlook flaw (CVE-2020-16947) which essentially allowed it to take control of the machine simply by previewing an infected attachment. This vulnerability affects certain versions of Outlook and in particular accounts with administrator privileges.
Help us grow, visit our Facebook page and leave your taste, to have access to all the information first hand. And if you liked the article, don’t forget to share it with your friends. Also follow us on Google News, select us among your favorites by clicking on the star.
Founder of Noticias e Tecnologia, and this is his second online project, after several years connected to a portal focused on the Android system, of which he was also one of its founders.
IT professional and passionate about new technologies, mechanical sports and mountain biking.