Security News > 2020 > October > Microsoft Fixes RCE Flaws in Out-of-Band Windows Update
One flaw exists in Microsoft's Visual Studio Code is a free source-code editor made by Microsoft for Windows, Linux and macOS. The other is in the Microsoft Windows Codecs Library; the codecs module provides stream and file interfaces for transcoding data in Windows programs.
According to Microsoft, one "Important" severity flaw stems from the way that Microsoft Windows Codecs Library handles objects in memory.
"The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory," according to Microsoft.
"Affected customers will be automatically updated by Microsoft Store," according to Microsoft.
The fixes come days after Microsoft's October Patch Tuesday updates, during which it released fixes for 87 security vulnerabilities, 11 of them critical - and one potentially wormable.
News URL
https://threatpost.com/microsoft-rce-flaws-windows-update/160244/
Related news
- Microsoft fixes Windows 10 bug causing apps to stop working (source)
- Microsoft wants $30 if you want to delay Windows 11 switch (source)
- Microsoft delays Windows Recall again, now by December (source)
- Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns (source)
- Microsoft SharePoint RCE bug exploited to breach corporate network (source)
- Week in review: Windows Themes spoofing bug “returns”, employees phished via Microsoft Teams (source)
- Microsoft confirms Windows Server 2025 blue screen, install issues (source)
- Microsoft Notepad to get AI-powered rewriting tool on Windows 11 (source)
- Microsoft says recent Windows 11 updates break SSH connections (source)
- Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools (source)