Back in July I wrote about two weird Microsoft Store patches for a couple of security holes in the HEVC codecs, which are programs that Microsoft crea
[See the full post at: Another HEVC codec bug fixed via the Microsoft Store – plus a couple of updates on this month’s mayhem]
|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Another HEVC codec bug fixed via the Microsoft Store – plus a couple of updates on this month’s mayhem
- This topic has 6 replies, 5 voices, and was last updated 4 years, 7 months ago.
AuthorViewing 2 reply threadsAuthor-
Microsoft updates :
* CVE-2020-16898
– CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16898– Version: 1.1
– Reason for Revision: The following changes have been made to further clarify the
information for this vulnerability: 1) Added FAQ and Mitigation sections 2) Added
Impact of Workaround to the Workaround section 3) Corrected the CVSS score to 8.8
4) Corrected the Exploitability Index from “1 – Exploitation More Likely” to
“2 – Exploitation Less Likely”. These are informational changes only.
– Originally October 13, 2020
– Updated: October 15, 2020
– Aggregate CVE Severity Rating: Critical1 user thanked author for this post.
-
So unless you’ve specifically downloaded the Microsoft codec, you don’t need to worry about it – but be aware that this one is also coming through Windows Update.
Like last time; this update is via Microsoft Store, not Windows Update:
Why are these security updates offered to affected clients via the Microsoft Store and not Windows Update?
These updates are for optional apps/components that are offered to customers as a download via the Microsoft Store. Updates for optional store apps/components are provided via the Microsoft Store.
CVE-2020-17022 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability FAQBut also like last time, “Get updates” in Microsoft Store produced nothing for me. So I used this store link again which did download/install the correct update:
https://www.microsoft.com/en-us/p/hevc-video-extensions-from-device-manufacturer/9n4wgh0z6vhq
1 user thanked author for this post.
-
-
But also like last time, “Get updates” in Microsoft Store produced nothing for me. So I used this store link again which did download/install the correct update: ….
On one of my Windows 10 devices, version 1909, I have the app HEVC Video Extensions for Device Manufacturer v 1.0.32022.0 showing in Apps and Features, installed 08/07/2020. For me, also, right now “Get updates” in Microsoft Store produced nothing. I also did a search for “HEVC Video Extensions from Device Manufacturer” and nothing came up.
Then, I went to the link and it said “HEVC Video Extensions from Device Manufacturer is currently not available”.
What gives here, anyway??
-
-
-
I found it strange then and still do now, that a patch was released via the MSFT Store…hey it’s Microsoft!
Next we will be getting patches via facecloth, twatter and google ploy at this rate
Windows - commercial by definition and now function...
Viewing 2 reply threads
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Windows 11 Insider Preview build 27863 released to Canary
by 13 hours, 34 minutes ago
-
Windows 11 Insider Preview build 26120.4161 (24H2) released to BETA
by 13 hours, 35 minutes ago
-
AI model turns to blackmail when engineers try to take it offline
by 6 hours, 19 minutes ago
-
Migrate off MS365 to Apple Products
by 9 hours, 44 minutes ago
-
Login screen icon
by 4 hours, 59 minutes ago
-
AI coming to everything
by 13 hours, 45 minutes ago
-
Mozilla : Pocket shuts down July 8, 2025, Fakespot shuts down on July 1, 2025
by 1 day, 5 hours ago
-
No Screen TurnOff???
by 1 day, 5 hours ago
-
Identify a dynamic range to then be used in another formula
by 1 day, 6 hours ago
-
InfoStealer Malware Data Breach Exposed 184 Million Logins and Passwords
by 1 day, 17 hours ago
-
How well does your browser block trackers?
by 1 day, 4 hours ago
-
You can’t handle me
by 4 hours, 1 minute ago
-
Chrome Can Now Change Your Weak Passwords for You
by 20 hours, 40 minutes ago
-
Microsoft: Over 394,000 Windows PCs infected by Lumma malware, affects Chrome..
by 2 days, 5 hours ago
-
Signal vs Microsoft’s Recall ; By Default, Signal Doesn’t Recall
by 1 day, 8 hours ago
-
Internet Archive : This is where all of The Internet is stored
by 2 days, 5 hours ago
-
iPhone 7 Plus and the iPhone 8 on Vantage list
by 2 days, 5 hours ago
-
Lumma malware takedown
by 1 day, 17 hours ago
-
“kill switches” found in Chinese made power inverters
by 2 days, 14 hours ago
-
Windows 11 – InControl vs pausing Windows updates
by 2 days, 14 hours ago
-
Meet Gemini in Chrome
by 2 days, 18 hours ago
-
DuckDuckGo’s Duck.ai added GPT-4o mini
by 2 days, 18 hours ago
-
Trump signs Take It Down Act
by 3 days, 2 hours ago
-
Do you have a maintenance window?
by 1 day, 7 hours ago
-
Freshly discovered bug in OpenPGP.js undermines whole point of encrypted comms
by 2 days, 4 hours ago
-
Cox Communications and Charter Communications to merge
by 3 days, 5 hours ago
-
Help with WD usb driver on Windows 11
by 17 hours ago
-
hibernate activation
by 3 days, 14 hours ago
-
Red Hat Enterprise Linux 10 with AI assistant
by 3 days, 18 hours ago
-
Windows 11 Insider Preview build 26200.5603 released to DEV
by 3 days, 21 hours ago
Remembering Woody
