Security News > 2020 > October > Microsoft Fixes RCE Flaws in Out-of-Band Windows Update
One flaw exists in Microsoft's Visual Studio Code is a free source-code editor made by Microsoft for Windows, Linux and macOS. The other is in the Microsoft Windows Codecs Library; the codecs module provides stream and file interfaces for transcoding data in Windows programs.
According to Microsoft, one "Important" severity flaw stems from the way that Microsoft Windows Codecs Library handles objects in memory.
"The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory," according to Microsoft.
"Affected customers will be automatically updated by Microsoft Store," according to Microsoft.
The fixes come days after Microsoft's October Patch Tuesday updates, during which it released fixes for 87 security vulnerabilities, 11 of them critical - and one potentially wormable.
News URL
https://threatpost.com/microsoft-rce-flaws-windows-update/160244/
Related news
- Microsoft lifts Windows 11 24H2 block on PCs with USB scanners (source)
- Microsoft says Auto HDR causes game freezes on Windows 11 24H2 (source)
- Microsoft adds another problem to the Windows 11 24H2 naughty list (source)
- Microsoft may have scrapped Windows 11's dynamic wallpapers feature (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)
- Microsoft expands testing of Windows 11 admin protection feature (source)
- Microsoft starts force upgrading Windows 11 22H2, 23H3 devices (source)