Microsoft has released two security updates for Windows to address security issues in the Windows Codecs library and the Visual Studio Code application. The two updates come after Microsoft released its monthly security patch last week. This month, Microsoft fixed 87 vulnerabilities in its Windows operating system for PCs. Both new vulnerabilities, in the Windows Codecs library and in Visual Studio Code, are ‘remote code execution’ flaws that allow attackers to execute code remotely on impacted systems.
The Windows Codecs library bug has been identified as CVE-2020-17022. Microsoft has said that an attacker can use this bug to craft malicious images that, when processed by an app running on Windows, allow the attacker to execute code on an unpatched Windows OS. All Windows 10 versions are affected by this flaw. Microsoft said that an update for the Windows Codecs library would be automatically installed on users’ computers via the Microsoft Store. Only those who have installed the optional HEVC or “HEVC from Device Manufacturer” media codecs from the Microsoft Store are affected. HEVC is only available via the Microsoft Store, and the library is not supported on Windows Server.
Users can check whether they are using the HEVC codec by going to Settings > Apps & Features > HEVC, Advanced Options.