Home
Tech info
Technology
Science
Life
Application
Electric
Program
Mobile
Windows 10
Windows 11Discovering two serious RCE vulnerabilities on Windows, Microsoft had to issue an emergency patch
Microsoft has just released two emergency updates to fix remote code execution (RCE) vulnerabilities that have just been discovered. These vulnerabilities affect the Microsoft Windows Codecs Library and Visual Studio Code.
The two vulnerabilities were codenamed CVE-2020-17022 and CVE-2020-17023 and were assessed as critically critical. Luckily, they have never been exploited by hackers.
FireEye Inc expert Dhanesh Kizhakkinan is the one reporting the CVE-2020-17022 vulnerability to Microsoft. Meanwhile, CVE-2020-17023 vulnerability was discovered by Jusstin Steven and reported to Microsoft.
Discovering two serious RCE vulnerabilities on Windows, Microsoft had to issue an emergency patch Picture 1
CVE-2020-17022 affects all devices running Windows 10 version 1709 or higher and versions of the vulnerable Microsoft Windows Codecs Library. This vulnerability stems from the way the Windows Codecs Library treats objects in memory. To successfully exploit, the hacker will require the program to process a specially crafted image.
Microsoft says Windows 10 users won't be attacked if they keep the default settings. Meanwhile, users who have installed the optional HEVC or HEVC multimedia codec from the device manufacturer from the new Microsoft Store are vulnerable to attack.
If you have HEVC installed, you will need to update to the latest version. According to Microsoft, the safe HEVC version is 1.0.32762.0, 1.0.32763.0 and later.
The CVE-2020-17023 vulnerability will be triggered when the user opens the package.json file which is created in a special way to contain malicious code. The hacker can then perform a remote attack based on the current user's privileges.
If the user has administrative rights, the vulnerability CVE-2020-17023 also allows hackers to create fake administrator accounts on the device.
Microsoft says emergency patches for the two vulnerabilities will be automatically updated.
Isabella HumphreyYou should read it
- Microsoft urgently patched zero-day vulnerability after 2 years of refusing to acknowledge it
- Microsoft urges Admin to patch PowerShell vulnerability on Windows
- 'Printer Catastrophe' Vulnerability Threatens All Versions of Windows
- New zero-day vulnerability warning in Windows Search, Windows protocol nightmare getting worse
- Detects a vulnerability that threatens all Windows computers shipped from 2012 up to now
- Microsoft admits a new zero-day vulnerability threatens millions of Windows users
- Google has reported a zero-day vulnerability that has just appeared in Windows 7, Microsoft has not yet released a patch
- Steps to fix PrintNightmare vulnerability on Windows 10
- Detecting zero-day vulnerability in the Dropbox 10 Windows app, users pay attention!
- Detected a serious zero-day vulnerability in Microsoft Office, click the document file and it will stick
- Serious warning about Windows WMF vulnerability
- Microsoft fixes a serious vulnerability that has existed for 17 years in Windows Server
Maybe you are interested
How to take a screenshot of the entire web page on Microsoft Edge
How to translate a web page on Microsoft Edge
Microsoft DirectML now supports PC Copilot+ and WebNN
Microsoft sparks outrage by renaming Remote Desktop app on some platforms
Microsoft: Personnel in the AI field have salaries much higher than average
Microsoft is bringing annoying ads in the Windows 11 Start menu to Windows 10
Windows 10
How to extract IMG files in Windows 10- How to enable duplex printing in Windows 10
- Microsoft updated Patch Tuesday in October 2020, patching the 'Ping of Death' vulnerability on Windows 10
- How to remove recently added apps from the Windows 10 Start menu
- How to cancel scheduled Chkdsk activity in Windows 10
- How to fix OneDrive not starting in Windows 10
How to extract IMG files in Windows 10
How to enable duplex printing in Windows 10
Microsoft updated Patch Tuesday in October 2020, patching the 'Ping of Death' vulnerability on Windows 10
How to remove recently added apps from the Windows 10 Start menu
How to cancel scheduled Chkdsk activity in Windows 10
How to fix OneDrive not starting in Windows 10