Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Discovering two serious RCE vulnerabilities on Windows, Microsoft had to issue an emergency patch
Microsoft has just released two emergency updates to fix remote code execution (RCE) vulnerabilities that have just been discovered. These vulnerabilities affect the Microsoft Windows Codecs Library and Visual Studio Code.
The two vulnerabilities were codenamed CVE-2020-17022 and CVE-2020-17023 and were assessed as critically critical. Luckily, they have never been exploited by hackers.
FireEye Inc expert Dhanesh Kizhakkinan is the one reporting the CVE-2020-17022 vulnerability to Microsoft. Meanwhile, CVE-2020-17023 vulnerability was discovered by Jusstin Steven and reported to Microsoft.
CVE-2020-17022 affects all devices running Windows 10 version 1709 or higher and versions of the vulnerable Microsoft Windows Codecs Library. This vulnerability stems from the way the Windows Codecs Library treats objects in memory. To successfully exploit, the hacker will require the program to process a specially crafted image.
Microsoft says Windows 10 users won't be attacked if they keep the default settings. Meanwhile, users who have installed the optional HEVC or HEVC multimedia codec from the device manufacturer from the new Microsoft Store are vulnerable to attack.
If you have HEVC installed, you will need to update to the latest version. According to Microsoft, the safe HEVC version is 1.0.32762.0, 1.0.32763.0 and later.
The CVE-2020-17023 vulnerability will be triggered when the user opens the package.json file which is created in a special way to contain malicious code. The hacker can then perform a remote attack based on the current user's privileges.
If the user has administrative rights, the vulnerability CVE-2020-17023 also allows hackers to create fake administrator accounts on the device.
Microsoft says emergency patches for the two vulnerabilities will be automatically updated.
Isabella HumphreyYou should read it
- 'Printer Catastrophe' Vulnerability Threatens All Versions of Windows
- New zero-day vulnerability warning in Windows Search, Windows protocol nightmare getting worse
- Detects a vulnerability that threatens all Windows computers shipped from 2012 up to now
- Microsoft admits a new zero-day vulnerability threatens millions of Windows users
- Google has reported a zero-day vulnerability that has just appeared in Windows 7, Microsoft has not yet released a patch
- Steps to fix PrintNightmare vulnerability on Windows 10
- Detecting zero-day vulnerability in the Dropbox 10 Windows app, users pay attention!
- Detected a serious zero-day vulnerability in Microsoft Office, click the document file and it will stick
May be interested
- Windows 10 KB4056892 emergency update (build 16299.192)
microsoft released a security update to minimize security vulnerabilities for intel, amd and arm processors, which could put millions of computers at risk. below is an emergency update of windows 10 kb4056892 (build 16299.192). - Microsoft fixes 61 vulnerabilities in latest Windows updatemicrosoft has released its monthly security update patch tuesday to fix 61 vulnerabilities across many software suites for windows.
- How to check if the computer has serious Windows 10 vulnerabilitiesrecently, the us national security agency (nsa) has detected a serious security hole on windows 10 and microsoft has also released a patch to fix it. bkav has also recently released a tool to help windows 10 users check if their computer has been patched for the nsacrypt flaw.
- Microsoft advises how to limit Excel vulnerabilitiescontrary to the predictions of security, microsoft has not released an emergency patch for the vulnerability - which is considered extremely serious. however, the software giant asserted 'actively building an update'.
- Microsoft released an emergency update that patched the blue screen when connecting to WiFi for Windows 10microsoft has just released the kb5001028 emergency update to fix a bug that causes windows 10 to blue screen when connected to wifi wpa3 networks. this error just appeared in cumulative update of windows 10 1909.
- Microsoft fixes 8 critical vulnerabilitieson june 13, microsoft issued eight security patches for vulnerabilities in windows operating systems, internet explorer, windows media player and office software.
- Windows Server has an urgent patch to fix Remote Desktop errorsusually at the beginning of the year and the end of the new year, major technology companies will not release operating system updates. however, microsoft has just released an urgent update to fix a bug on windows server that leads to connectivity and performance problems of the remote desktop feature.
- How to block Specter Variant 2 Patch on Windows 10microsoft has released a windows 10 kb4078130 update to disable patches for two meltdown and specter vulnerabilities that caused a reboot problem on some devices. however, if you do not want to waste storage space, users can adjust themselves without having to download additional kb4078130.
- Users should update Windows immediately to fix 33 vulnerabilitiesmicrosoft has just released the final patch tuesday patch for 2023 to fix 33 vulnerabilities, and recommends that users update windows immediately.
- Microsoft patched drive-by errors in Marchmicrosoft yesterday released three security updates that patch four vulnerabilities in windows and office.
Windows 10
- How to extract IMG files in Windows 10
- How to enable duplex printing in Windows 10
- Microsoft updated Patch Tuesday in October 2020, patching the 'Ping of Death' vulnerability on Windows 10
- How to remove recently added apps from the Windows 10 Start menu
- How to cancel scheduled Chkdsk activity in Windows 10
- How to fix OneDrive not starting in Windows 10
How to extract IMG files in Windows 10
How to enable duplex printing in Windows 10
Microsoft updated Patch Tuesday in October 2020, patching the 'Ping of Death' vulnerability on Windows 10
How to remove recently added apps from the Windows 10 Start menu
How to cancel scheduled Chkdsk activity in Windows 10
How to fix OneDrive not starting in Windows 10