Security News > 2020 > October > Microsoft Fixes RCE Flaws in Out-of-Band Windows Update
One flaw exists in Microsoft's Visual Studio Code is a free source-code editor made by Microsoft for Windows, Linux and macOS. The other is in the Microsoft Windows Codecs Library; the codecs module provides stream and file interfaces for transcoding data in Windows programs.
According to Microsoft, one "Important" severity flaw stems from the way that Microsoft Windows Codecs Library handles objects in memory.
"The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory," according to Microsoft.
"Affected customers will be automatically updated by Microsoft Store," according to Microsoft.
The fixes come days after Microsoft's October Patch Tuesday updates, during which it released fixes for 87 security vulnerabilities, 11 of them critical - and one potentially wormable.
News URL
https://threatpost.com/microsoft-rce-flaws-windows-update/160244/
Related news
- Microsoft: Some devices offered Windows 11 upgrades despite Intune blocks (source)
- Microsoft fixes Windows Server 2025 blue screen, install issues (source)
- Microsoft fixes Remote Desktop freezes caused by Windows updates (source)
- Microsoft pitches pay-to-patch reboot reduction subscription for Windows Server 2025 (source)
- Microsoft: Windows Server hotpatching to require subscription (source)
- Microsoft: Windows 11 24H2 updates fail with 0x80240069 errors (source)
- Microsoft: Windows 11 24H2 now ready to rollout to everyone (source)
- Microsoft silently fixes Start menu bug affecting Windows 10 PCs (source)
- Microsoft pushes fix for Windows 11 24H2 update failures (source)
- Microsoft unveils new AI agents that can modify Windows settings (source)