Security News > 2020 > October > First, Patch Tuesday. Now, Oh Hell, Monday: Microsoft emits bonus fixes for Visual Studio, Windows 10 security bugs
Just days after issuing fixes for scores of bugs in its products for this month's Patch Tuesday, Microsoft has issued two more patches for security holes that can be exploited by maliciously crafted files to run malware on victims' computers.
The first, CVE-2020-17023, is a Visual Studio issue that allows for remote code execution after getting the target to click on a specially crafted package.
The US government's cyber-security agency emitted an alert about these two vulnerabilities, urging people to patch ASAP. In happier news, Redmond also released Azure Defender for IoT devices, which should keep the botnets slightly more under control.
If you haven't installed the latest Patch Tuesday fixes from Microsoft, and you're operating a SharePoint installation, there's one update you really should apply: CVE-2020-16952.
To the point... McAfee has technical details on the ICMPv6 remote-code-execution-or-crash bug in the Windows TCP/IP stack that Microsoft patched this week.
News URL
https://go.theregister.com/feed/www.theregister.com/2020/10/19/security_in_brief/
Related news
- Microsoft plans to boot security vendors out of the Windows kernel (source)
- Microsoft announces new and improved Windows 11 security features (source)
- Microsoft Launches Windows Resiliency Initiative to Boost Security and System Integrity (source)
- Microsoft pulls WinAppSDK update breaking Windows 10 app uninstalls (source)
- Security? We've heard of it: How Microsoft plans to better defend Windows (source)
- Microsoft says premature patch could make Windows Recall forget how to work (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Microsoft holds last Patch Tuesday of the year with 72 gifts for admins (source)
- Patch Tuesday: Microsoft Patches One Actively Exploited Vulnerability, Among Others (source)
- What Is Patch Tuesday? Microsoft’s Monthly Update Explained (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-16 | CVE-2020-16952 | Origin Validation Error vulnerability in Microsoft products <p>A remote code execution vulnerability exists in Microsoft SharePoint when the software fails to check the source markup of an application package. | 0.0 |
| 2020-10-16 | CVE-2020-17023 | Unspecified vulnerability in Microsoft Visual Studio Code <p>A remote code execution vulnerability exists in Visual Studio Code when a user is tricked into opening a malicious 'package.json' file. | 0.0 |