Skip to main content desktop
Try Now

Microsoft Out-of-Band Patches For October 16th

Jordan HammondJordan Hammond

It looks like the 87 CVE’s closed this patch Tuesday was not quite enough. Microsoft has just released two out-of-band patches. While these are both remote code execution bugs, they are not a threat to your machines out of the box. 


This patch can impact any windows 10 machine over 1709, but only if you have installed the HEVC codec on your system. It allows a hacker to run code by exploiting how the image is loaded in memory. This would allow them to run code against the machine that was being attacked.


This patch impacts Visual Studio Code. If a hacker could convince a user to clone a bad repository, they would be able to execute malicious code when they opened a corrupted package.json file. This issue was attempted to be patched back in September with CVE-2020-16881. Justin Steven found issues with this patch, and the newer update seems to use his recommendations on how to fix it.


Neither of these is known to be currently exploited in the wild. You will not need to take any action on these to get your systems protected. They will be installed automatically if your system is at risk.

Ready to get started with PDQ Deploy & Inventory? Work less, automate more.

Start your 14-day free trial
Sign up in seconds

Don't miss the next post!

Press Release: PDQ Acquires SmartDeploy, a leading provider of IT asset management software, announced today its acquisition of SmartDeploy, an industry leader in remote computer management.
© 2022 Corporation
  • PDQ Deploy ®
  • PDQ Inventory ®
  • SimpleMDM
  • Pricing
  • Downloads
  • Licensing
  • Buy