Microsoft Releases Emergency Patches to Resolve Two RCE Flaws

Despite Microsoft publishing this month’s Patch Tuesday fixes on October 13, the company has published two more emergency updates on October 15, this time in an attempt to resolve remote code execution vulnerabilities hitting the Windows Codecs Library and Visual Studio Code. One of the first to announce the availability of the new updates was the United States Department of Homeland Security’s CISA, which published an advisory on its website to recommend administrators to patch their devices as soon as possible. “Microsoft has released security updates to address remote code execution vulnerabilities affecting Windows Codecs Library and Visual Studio Code. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft security advisories for CVE-2020-17022 and CVE-2020-17023 and apply the necessary updates,” CISA said. Th...