Microsoft issued out-of-band patches for bugs in Microsoft Windows Codecs Library and Visual Studio Code that could enable an attacker to launch a remote code execution (RCE) attack. The fixes come just days after Microsoft patched 87 bugs in its regular Patch Tuesday security update.
- The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert that encourages users and administrators to apply the Microsoft patches.
- Justin Steven, who reported the Visual Studio Code flaw, tweeted that the problem stems from a bypass of a previously deployed patch for an RCE flaw in Visual Studio Code.
- Exploitation of the Windows Codecs Library flaw requires a program to process a specially crafted image file.