Today, Microsoft released two out of band security updates, focusing on fixing security issues in Windows codecs library and visual studio code applications. These two exception security updates were released after the active day of the Patch Tuesday this month, mainly fixing the “remote code execution” vulnerability in the two products, allowing attackers to remotely execute code on the affected device. < / P > < p > the first error is marked as cve-2020-17022. Microsoft said that attackers can remotely execute code on an unrepaired device by creating an image containing a malicious program when the image is processed by a Windows application. Microsoft said that updates to the windows codecs library will be automatically installed in the user’s system through the Microsoft Store. < / P > < p > not all users will be affected, only users with Microsoft Store optional hevc or “hevc from device manufacturer” media codec installed will be affected. Hevc is not available for offline distribution and can only be used through the Microsoft Store. Windows server also does not support the library. < / P > < p > the second error is marked as cve-2020-17023. Microsoft says attackers can create malicious package.json Files that can execute malicious code when loaded into visual studiocode. Based on the user’s privileges, the attacker’s code can be executed with administrator privileges and allow them to take full control of the infected host. Package.json Files are often used with JavaScript libraries and projects. The release and download schedule of Microsoft Flight Simulation varies from region to region

By ibmwl