Microsoft issued out-of-bound patches for bugs in Microsoft Windows Codecs Library and Visual Studio Code that could enable an attacker to launch a remote code execution (RCE) attack. The fixes come just days after Microsoft patched 87 bugs in its regular Patch Tuesday security update.
More:
- The Cybersecurity and Infrastructure Security Agency (CISA) issued an alert that encourages users and administrators to apply the Microsoft patches.
- Justin Steven, who reported the Visual Studio Code flaw, tweeted that the problem stems from a bypass of a previously deployed patch for an RCE flaw in Visual Studio Code.
- The exploitation of the Windows Codes Library requires a program to process a specially crafted image file.
TO KEEP UPDATE WITH SECURITY PATCHES FROM LEADING VENDORS, CHECK OUT MY WEEKLY PATCH WATCH COLUMN. To read more, Click here to upgrade to premium!
