Security News > 2020 > October > First, Patch Tuesday. Now, Oh Hell, Monday: Microsoft emits bonus fixes for Visual Studio, Windows 10 security bugs
Just days after issuing fixes for scores of bugs in its products for this month's Patch Tuesday, Microsoft has issued two more patches for security holes that can be exploited by maliciously crafted files to run malware on victims' computers.
The first, CVE-2020-17023, is a Visual Studio issue that allows for remote code execution after getting the target to click on a specially crafted package.
The US government's cyber-security agency emitted an alert about these two vulnerabilities, urging people to patch ASAP. In happier news, Redmond also released Azure Defender for IoT devices, which should keep the botnets slightly more under control.
If you haven't installed the latest Patch Tuesday fixes from Microsoft, and you're operating a SharePoint installation, there's one update you really should apply: CVE-2020-16952.
To the point... McAfee has technical details on the ICMPv6 remote-code-execution-or-crash bug in the Windows TCP/IP stack that Microsoft patched this week.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/10/19/security_in_brief/
Related news
- Windows 10 users urged to upgrade to avoid "security fiasco" (source)
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)
- Windows Patch Tuesday hits snag with Citrix software, workarounds published (source)
- 7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now (source)
- Microsoft: January Windows security updates break audio playback (source)
- Microsoft shares workaround for Windows security update issues (source)
- Microsoft February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-16 | CVE-2020-16952 | Origin Validation Error vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. | 0.0 |
| 2020-10-16 | CVE-2020-17023 | Unspecified vulnerability in Microsoft Visual Studio Code <p>A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. | 0.0 |