Microsoft has published today two out-of-band security updates to address security issues in the Windows Codecs library and the Visual Studio Code application.
The two updates come as late arrivals after the company released its monthly batch of security updates earlier this week, on Tuesday, patching 87 vulnerabilities this month.
Both new vulnerabilities are “remote code execution” flaws, allowing attackers to execute code on impacted systems.
Windows Codecs Library vulnerability
The first bug is tracked as CVE-2020-17022. Microsoft says that attackers can craft malicious images that, when processed by an app running on top of Windows, can allow the attacker to execute code on an unpatched Windows OS.
All Windows 10 versions are impacted.
Microsoft said an update for this library would be automatically installed on user systems via the Microsoft Store.
Not all users are impacted, but only those who have installed the optional HEVC or “HEVC