Security News > 2020 > October > Microsoft Fixes RCE Flaws in Out-of-Band Windows Update
One flaw exists in Microsoft's Visual Studio Code is a free source-code editor made by Microsoft for Windows, Linux and macOS. The other is in the Microsoft Windows Codecs Library; the codecs module provides stream and file interfaces for transcoding data in Windows programs.
According to Microsoft, one "Important" severity flaw stems from the way that Microsoft Windows Codecs Library handles objects in memory.
"The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory," according to Microsoft.
"Affected customers will be automatically updated by Microsoft Store," according to Microsoft.
The fixes come days after Microsoft's October Patch Tuesday updates, during which it released fixes for 87 security vulnerabilities, 11 of them critical - and one potentially wormable.
News URL
https://threatpost.com/microsoft-rce-flaws-windows-update/160244/
Related news
- Microsoft: Windows 11 22H2 reaches end of service in October (source)
- Microsoft fixes Windows 11 bug causing reboot loops, taskbar freezes (source)
- Microsoft fixes bug causing Windows Update automation issues (source)
- June Windows Server updates break Microsoft 365 Defender features (source)
- Microsoft shares temp fix for Windows 11 Photos not launching (source)
- Microsoft announces new Windows 'checkpoint' cumulative updates (source)
- Microsoft: Windows 11 23H2 now available for all eligible devices (source)
- Microsoft fixes bug blocking Windows 11 Photos from starting (source)
- Microsoft confirms CrowdStrike update also hit Windows 365 PCs (source)
- Microsoft releases Windows repair tool to remove CrowdStrike driver (source)