Security News > 2020 > October > First, Patch Tuesday. Now, Oh Hell, Monday: Microsoft emits bonus fixes for Visual Studio, Windows 10 security bugs
Just days after issuing fixes for scores of bugs in its products for this month's Patch Tuesday, Microsoft has issued two more patches for security holes that can be exploited by maliciously crafted files to run malware on victims' computers.
The first, CVE-2020-17023, is a Visual Studio issue that allows for remote code execution after getting the target to click on a specially crafted package.
The US government's cyber-security agency emitted an alert about these two vulnerabilities, urging people to patch ASAP. In happier news, Redmond also released Azure Defender for IoT devices, which should keep the botnets slightly more under control.
If you haven't installed the latest Patch Tuesday fixes from Microsoft, and you're operating a SharePoint installation, there's one update you really should apply: CVE-2020-16952.
To the point... McAfee has technical details on the ICMPv6 remote-code-execution-or-crash bug in the Windows TCP/IP stack that Microsoft patched this week.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/10/19/security_in_brief/
Related news
- Windows 10 KB5041580 update released with 14 fixes, security updates (source)
- Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (source)
- Week in review: Vulnerability allows Yubico security keys cloning, Patch Tuesday forecast (source)
- Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws (source)
- Windows 10 KB5043064 update released with 6 fixes, security updates (source)
- Patch Tuesday for September 2024: Microsoft Catches Four Zero-Day Vulnerabilities (source)
- Microsoft says it broke some Windows 10 patching – as it fixes flaws under attack (source)
- Microsoft confirms IE bug squashed in Patch Tuesday was exploited zero-day (source)
- Bad apps bypass Windows security alerts for six years using newly unveiled trick (source)
- Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-16 | CVE-2020-16952 | Origin Validation Error vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. | 8.6 |
| 2020-10-16 | CVE-2020-17023 | Unspecified vulnerability in Microsoft Visual Studio Code <p>A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. | 7.8 |