Microsoft releases emergency update.
Security is one of the fundamental issues for Microsoft in Windows 10. In fact, since it was launched, the company has changed its upgrade methods. In fact, previously security updates were released on the second Tuesday of every month. Recently, important security updates will be released as soon as they are available. In this opportunity, Microsoft releases updates for Windows 10 and Visual Studio. The aim is to mitigate two serious vulnerabilities. In addition, this update comes after the most recent update for insiders. It puts an end to 87 vulnerabilities present in the operating system. Well, read on to see why Microsoft releases an emergency update for Windows 10 and Visual Studio.
The latest security hole in Windows 10 is caused by the HEVC codec.
The first error is listed as CVE-2020-17022, and affects all versions of Windows 10. Microsoft indicates that attackers can use image files. Consequently, when opened by a Windows app, attackers can execute malicious code remotely. Specifically, it affects images that use the HEVC codec. This update will not arrive through Windows Update. On the contrary, it will be done through the Microsoft Store. The store will update the device manufacturer’s HEVC application. Therefore, only those using this codec are affected. As this is a Store application, Windows Server editions are not affected.
To check if the system is affected, you must follow the following path:Windows Settings>Apps>HEVC >Advanced Options. Once there, please check if you have versions 1.0.32762.0, 1.0.32763.0 and later. These are the patched versions. If not, please hurry to update the system.
Malicious code execution in Visual Studio
The second major vulnerability, named CVE-2020-17023, is in Visual Studio. The company indicates that attackers can introduce malicious code into the package.json files. Consequently, when loaded into Visual Studio, they can execute this code to infect the computer with any type of malware. Depending on the user permissions, the attacker code can be executed with administrator permissions. Consequently, you have complete control over the infected computer. Package.json files are especially used in JavaScript projects and libraries. On the other hand, this language and its Node.js server technology are among the most popular technologies today.
Finally, we see how the attackers refine their security threats. For that reason, Microsoft releases an emergency update for Windows 10 and Visual Studio. Once again, the key is the common sense and intelligence of the user. That is, the system should certainly protect from any attack. However, most of the damages are caused by the user’s negligence. That’s why, when using Windows you must follow elementary security rules. For example, downloads should be made from official sites. In addition, depending on the needs of use, Windows Defender can be complemented with a good antivirus. All right, that’s it for today. If you want to know the latest in computer security, keep an eye on our updates. See you soon!
