Back in July I wrote about two weird Microsoft Store patches for a couple of security holes in the HEVC codecs, which are programs that Microsoft crea
[See the full post at: Another HEVC codec bug fixed via the Microsoft Store – plus a couple of updates on this month’s mayhem]
|
There are isolated problems with current patches, but they are well-known and documented on this site. |
-
Another HEVC codec bug fixed via the Microsoft Store – plus a couple of updates on this month’s mayhem
- This topic has 6 replies, 5 voices, and was last updated 4 years, 7 months ago.
AuthorViewing 2 reply threadsAuthor-
Microsoft updates :
* CVE-2020-16898
– CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16898– Version: 1.1
– Reason for Revision: The following changes have been made to further clarify the
information for this vulnerability: 1) Added FAQ and Mitigation sections 2) Added
Impact of Workaround to the Workaround section 3) Corrected the CVSS score to 8.8
4) Corrected the Exploitability Index from “1 – Exploitation More Likely” to
“2 – Exploitation Less Likely”. These are informational changes only.
– Originally October 13, 2020
– Updated: October 15, 2020
– Aggregate CVE Severity Rating: Critical1 user thanked author for this post.
-
So unless you’ve specifically downloaded the Microsoft codec, you don’t need to worry about it – but be aware that this one is also coming through Windows Update.
Like last time; this update is via Microsoft Store, not Windows Update:
Why are these security updates offered to affected clients via the Microsoft Store and not Windows Update?
These updates are for optional apps/components that are offered to customers as a download via the Microsoft Store. Updates for optional store apps/components are provided via the Microsoft Store.
CVE-2020-17022 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability FAQBut also like last time, “Get updates” in Microsoft Store produced nothing for me. So I used this store link again which did download/install the correct update:
https://www.microsoft.com/en-us/p/hevc-video-extensions-from-device-manufacturer/9n4wgh0z6vhq
1 user thanked author for this post.
-
-
But also like last time, “Get updates” in Microsoft Store produced nothing for me. So I used this store link again which did download/install the correct update: ….
On one of my Windows 10 devices, version 1909, I have the app HEVC Video Extensions for Device Manufacturer v 1.0.32022.0 showing in Apps and Features, installed 08/07/2020. For me, also, right now “Get updates” in Microsoft Store produced nothing. I also did a search for “HEVC Video Extensions from Device Manufacturer” and nothing came up.
Then, I went to the link and it said “HEVC Video Extensions from Device Manufacturer is currently not available”.
What gives here, anyway??
-
-
-
I found it strange then and still do now, that a patch was released via the MSFT Store…hey it’s Microsoft!
Next we will be getting patches via facecloth, twatter and google ploy at this rate
Windows - commercial by definition and now function...
Viewing 2 reply threads
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Windows 11 Insider Preview build 26200.5622 released to DEV
by 12 minutes ago
-
Windows 11 Insider Preview build 26120.4230 (24H2) released to BETA
by 13 minutes ago
-
MS Excel 2019 Now Prompts to Back Up With OneDrive
by 3 hours, 20 minutes ago
-
Firefox 139
by 2 hours, 36 minutes ago
-
Who knows what?
by 1 hour, 6 minutes ago
-
My top ten underappreciated features in Office
by 57 minutes ago
-
WAU Manager — It’s your computer, you are in charge!
by 13 hours, 13 minutes ago
-
Misbehaving devices
by 3 hours, 5 minutes ago
-
.NET 8.0 Desktop Runtime (v8.0.16) – Windows x86 Installer
by 1 day, 6 hours ago
-
Neowin poll : What do you plan to do on Windows 10 EOS
by 23 minutes ago
-
May 31, 2025—KB5062170 (OS Builds 22621.5415 and 22631.5415 Out-of-band
by 1 day, 5 hours ago
-
Discover the Best AI Tools for Everything
by 4 hours, 39 minutes ago
-
Edge Seems To Be Gaining Weight
by 19 hours, 44 minutes ago
-
Rufus is available from the MSFT Store
by 1 day, 3 hours ago
-
Microsoft : Ending USB-C® Port Confusion
by 2 days, 6 hours ago
-
KB5061768 update for Intel vPro processor
by 6 hours, 26 minutes ago
-
Outlook 365 classic has exhausted all shared resources
by 5 hours, 9 minutes ago
-
My Simple Word 2010 Macro Is Not Working
by 2 days, 2 hours ago
-
Office gets current release
by 2 days, 5 hours ago
-
FBI: Still Using One of These Old Routers? It’s Vulnerable to Hackers
by 3 days, 19 hours ago
-
Windows AI Local Only no NPU required!
by 3 days, 3 hours ago
-
Stop the OneDrive defaults
by 3 days, 19 hours ago
-
Windows 11 Insider Preview build 27868 released to Canary
by 4 days, 5 hours ago
-
X Suspends Encrypted DMs
by 4 days, 8 hours ago
-
WSJ : My Robot and Me AI generated movie
by 4 days, 8 hours ago
-
Botnet hacks 9,000+ ASUS routers to add persistent SSH backdoor
by 4 days, 8 hours ago
-
OpenAI model sabotages shutdown code
by 4 days, 9 hours ago
-
Backup and access old e-mails after company e-mail address is terminated
by 3 days, 21 hours ago
-
Enabling Secureboot
by 4 days, 4 hours ago
-
Windows hosting exposes additional bugs
by 4 days, 17 hours ago
Remembering Woody
