According to a message released by the Microsoft Security Response Center, Windows Codecs and Visual Studio Code code editors have high-risk security vulnerabilities.
Windows Codecs mainly refers to the various media codecs pre-installed in the system. The codec that has the vulnerability (CVE-2020-17022) this time is the codec of HEVC video.
The HEVC video codec is currently automatically installed on supported Windows 10. The good news is that the HEVC extension itself is automatically updated through the Microsoft Store.
According to Microsoft, the security flaw in the codec affects all versions of Windows 10. Attackers can create malicious images to exploit this security flaw.
Successfully exploiting this vulnerability can execute arbitrary code, so the vulnerability level is serious. The CVSS score of this vulnerability is 7.8 points, so the harm is really high.
It is worth noting that the Microsoft Store provides two HEVC video extension codecs, but no matter which one is installed, there will be loopholes, so users need to upgrade to the new version.
Considering that the Microsoft Store automatically opens the update, the current user’s HEVC should have been updated. If you are worried, you can check the update record in the store.
Visual Studio Code is an open-source code editor launched by Microsoft. This code editor is relatively popular among developers.
This time the code editor has a security vulnerability (CVE-2020-17023). The attacker uses a specially crafted .JSON file to induce developers to load it and execute arbitrary code via the vulnerability.
If the developer uses the administrator authority to load the Visual Studio Code, the degree of the harm will increase sharply, and the developer is also reminded not to use the administrator authority to load Visual Studio Code if it is not necessary.
For the security vulnerability of the Visual Studio Code, you can click here to view the details. Developers can open Visual Studio Code and click Check for updates in the top help to upgrade to the latest version.