Microsoft has released security updates to address remote code execution vulnerabilities affecting Windows Codecs Library and Visual Studio Code. An attacker could exploit these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review the Microsoft security advisories for [CVE-2020-17022](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17022>) and [CVE-2020-17023](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-17023>) and apply the necessary updates. This product is provided subject to this Notification and this [Privacy & Use](<https://www.dhs.gov/privacy-policy>) policy. **Please share your thoughts.** We recently updated our anonymous [product survey](<https://www.surveymonkey.com/r/CISA-cyber-survey?product=https://us-cert.cisa.gov/ncas/current-activity/2020/10/16/microsoft-releases-security-updates-address-remote-code-execution>); we'd welcome your feedback.
Security Update for Microsoft Visual Studio Code (CVE-2020-17023)
Microsoft Windows Codecs Library Remote Code Execution Vulnerability