Security News > 2020 > October > First, Patch Tuesday. Now, Oh Hell, Monday: Microsoft emits bonus fixes for Visual Studio, Windows 10 security bugs
Just days after issuing fixes for scores of bugs in its products for this month's Patch Tuesday, Microsoft has issued two more patches for security holes that can be exploited by maliciously crafted files to run malware on victims' computers.
The first, CVE-2020-17023, is a Visual Studio issue that allows for remote code execution after getting the target to click on a specially crafted package.
The US government's cyber-security agency emitted an alert about these two vulnerabilities, urging people to patch ASAP. In happier news, Redmond also released Azure Defender for IoT devices, which should keep the botnets slightly more under control.
If you haven't installed the latest Patch Tuesday fixes from Microsoft, and you're operating a SharePoint installation, there's one update you really should apply: CVE-2020-16952.
To the point... McAfee has technical details on the ICMPv6 remote-code-execution-or-crash bug in the Windows TCP/IP stack that Microsoft patched this week.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/10/19/security_in_brief/
Related news
- Windows 10 KB5044273 update released with 9 fixes, security updates (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
- Microsoft fixes Windows 10 bug causing apps to stop working (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws (source)
- Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 89 flaws (source)
- Microsoft slips Task Manager and processor count fixes into Patch Tuesday (source)
- Microsoft just killed the Windows 10 Beta Channel again (source)
- Microsoft just killed the Windows 10 Beta Channel for good (source)
- Microsoft plans to boot security vendors out of the Windows kernel (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-16 | CVE-2020-16952 | Origin Validation Error vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. | 8.6 |
| 2020-10-16 | CVE-2020-17023 | Unspecified vulnerability in Microsoft Visual Studio Code <p>A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. | 7.8 |