Skip to main content desktop

Microsoft Out-of-Band Patches For October 16th

Jordan HammondJordan Hammond

It looks like the 87 CVE’s closed this patch Tuesday was not quite enough. Microsoft has just released two out-of-band patches. While these are both remote code execution bugs, they are not a threat to your machines out of the box. 


This patch can impact any windows 10 machine over 1709, but only if you have installed the HEVC codec on your system. It allows a hacker to run code by exploiting how the image is loaded in memory. This would allow them to run code against the machine that was being attacked.


This patch impacts Visual Studio Code. If a hacker could convince a user to clone a bad repository, they would be able to execute malicious code when they opened a corrupted package.json file. This issue was attempted to be patched back in September with CVE-2020-16881. Justin Steven found issues with this patch, and the newer update seems to use his recommendations on how to fix it.


Neither of these is known to be currently exploited in the wild. You will not need to take any action on these to get your systems protected. They will be installed automatically if your system is at risk.

Ready to get started with PDQ Deploy & Inventory? Work less, automate more.

Start your 14-day free trial
Sign up in seconds

Don't miss the next post!

Advanced Filtering - Webcast Transcript

Stay with me on this. Alright. First, let's just do some basics. So we're all on the same page, how do you find data in PDQ inventory

© 2021 Corporation


  • PDQ Deploy ®
  • PDQ Inventory ®
  • Enterprise SL
  • Pricing
  • Downloads
  • Licensing
  • Buy