Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Thursday July 02 2020, @09:57AM   Printer-friendly
from the hole-plugging dept.

Unscheduled fixes released for critical flaw in optional Windows codec

Microsoft has published unscheduled fixes for two critical vulnerabilities that make it possible for attackers to execute malicious code on computers running any version of Windows 10.

Unlike the vast majority of Windows patches, the ones released on Tuesday were delivered through the Microsoft Store. The normal channel for operating System security fixes is Windows Update. Advisories here and here said users need not take any action to automatically receive and install the fixes.

Also at:
Microsoft issues critical fixes for booby-trapped images – update now!


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by driverless on Thursday July 02 2020, @11:30AM (2 children)

    by driverless (4770) on Thursday July 02 2020, @11:30AM (#1015342)

    Microsoft Store ... Microsoft Store ... Microsoft Store ... Microsoft Store

    So in other words anyone who's disabled that shit doesn't need to use that shit to fix the holes in that shit. QED.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 3, Informative) by Freeman on Thursday July 02 2020, @02:22PM (1 child)

    by Freeman (732) on Thursday July 02 2020, @02:22PM (#1015398) Journal

    No, they released the update via Microsoft Store. As far as I understand it, the exploit isn't limited to Microsoft Store apps.

    --
    Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
    • (Score: 5, Interesting) by driverless on Thursday July 02 2020, @02:31PM

      by driverless (4770) on Thursday July 02 2020, @02:31PM (#1015402)

      Could be, but the article makes it out to be a Store circular problem:

      They posited that that the update involved HEVC codecs, which are used in a Windows extension available from the Microsoft Store.

      So you need a Store update to fix a Store problem caused by the Store.

      “That library is responsible for parsing HEIC images with HEVC codec. That library (extension) is available through the Windows Store. And since it's a media codec downloaded from the Windows Store, I assume MS updated it through the Windows Store and not the Windows Update.”