Skip to main content
PDQ.com mobilePDQ.com desktop
Support

Microsoft Out-of-Band Patches For October 16th

Jordan HammondJordan Hammond
·

It looks like the 87 CVE’s closed this patch Tuesday was not quite enough. Microsoft has just released two out-of-band patches. While these are both remote code execution bugs, they are not a threat to your machines out of the box. 

CVE-2020-17022

This patch can impact any windows 10 machine over 1709, but only if you have installed the HEVC codec on your system. It allows a hacker to run code by exploiting how the image is loaded in memory. This would allow them to run code against the machine that was being attacked.

CVE-2020-17023

This patch impacts Visual Studio Code. If a hacker could convince a user to clone a bad repository, they would be able to execute malicious code when they opened a corrupted package.json file. This issue was attempted to be patched back in September with CVE-2020-16881. Justin Steven found issues with this patch, and the newer update seems to use his recommendations on how to fix it.

Conclusion

Neither of these is known to be currently exploited in the wild. You will not need to take any action on these to get your systems protected. They will be installed automatically if your system is at risk.

Ready to get started with PDQ Deploy & Inventory? Work less, automate more.

Start your 14-day free trial
Sign up in seconds

Don't miss the next post!

November 2020 Patch Tuesday Vulnerabilities

November 2020 Patch Tuesday Updates and Vulnerabilities

PDQ.com
© 2020 PDQ.com Corporation

Products

  • PDQ Deploy
  • PDQ Inventory
  • PDQ Link
  • Enterprise SL
  • Pricing
  • Downloads
  • Licensing
  • Buy