Unscheduled fixes released for critical flaw in optional Windows codec

[InfoSec News <alerts () infosecnews org>]

https://arstechnica.com/information-technology/2020/07/unscheduled-fixes-for-critical-windows-flaws-delivered-through-rare-channel/

By Dan Goodin
Ars Technica
July 1, 2020

Microsoft has published unscheduled fixes for two vulnerabilities, one of them 
with a severity rating of critical, that make it possible for attackers to 
execute malicious code on computers running any version of Windows 10.

Unlike the vast majority of Windows patches, the ones released on Tuesday were 
delivered through the Microsoft Store. The normal channel for operating System 
security fixes is Windows Update. Advisories here and here said users need not 
take any action to automatically receive and install the fixes.

“Affected customers will be automatically updated by Microsoft Store. Customers 
do not need to take any action to receive the update,” both advisories said. 
“Alternatively, customers who want to receive the update immediately can check 
for updates with the Microsoft Store App; more information on this process can 
be found here.”

When I checked both the Microsoft Store and the Windows Update on my Windows 10 
laptop, however, I saw no confirmation that the patch had been installed. 
Normally, Windows 10 users can use the Windows Update tab within the Update and 
Security settings section to ensure patches have been installed. The link 
provided in the advisories offered no clarity. Microsoft representatives didn’t 
immediately respond to questions for clarification.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
Follow InfoSec News on Twitter
https://twitter.com/infosecnews_
Follow InfoSec News on LinkedIn
https://www.linkedin.com/company/infosecnews/