Back in July I wrote about two weird Microsoft Store patches for a couple of security holes in the HEVC codecs, which are programs that Microsoft crea
[See the full post at: Another HEVC codec bug fixed via the Microsoft Store – plus a couple of updates on this month’s mayhem]
|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
-
Another HEVC codec bug fixed via the Microsoft Store – plus a couple of updates on this month’s mayhem
- This topic has 6 replies, 5 voices, and was last updated 4 years, 4 months ago.
AuthorViewing 2 reply threadsAuthor-
Microsoft updates :
* CVE-2020-16898
– CVE-2020-16898 | Windows TCP/IP Remote Code Execution Vulnerability
– https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-16898– Version: 1.1
– Reason for Revision: The following changes have been made to further clarify the
information for this vulnerability: 1) Added FAQ and Mitigation sections 2) Added
Impact of Workaround to the Workaround section 3) Corrected the CVSS score to 8.8
4) Corrected the Exploitability Index from “1 – Exploitation More Likely” to
“2 – Exploitation Less Likely”. These are informational changes only.
– Originally October 13, 2020
– Updated: October 15, 2020
– Aggregate CVE Severity Rating: Critical1 user thanked author for this post.
-
So unless you’ve specifically downloaded the Microsoft codec, you don’t need to worry about it – but be aware that this one is also coming through Windows Update.
Like last time; this update is via Microsoft Store, not Windows Update:
Why are these security updates offered to affected clients via the Microsoft Store and not Windows Update?
These updates are for optional apps/components that are offered to customers as a download via the Microsoft Store. Updates for optional store apps/components are provided via the Microsoft Store.
CVE-2020-17022 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability FAQBut also like last time, “Get updates” in Microsoft Store produced nothing for me. So I used this store link again which did download/install the correct update:
https://www.microsoft.com/en-us/p/hevc-video-extensions-from-device-manufacturer/9n4wgh0z6vhq
1 user thanked author for this post.
-
-
But also like last time, “Get updates” in Microsoft Store produced nothing for me. So I used this store link again which did download/install the correct update: ….
On one of my Windows 10 devices, version 1909, I have the app HEVC Video Extensions for Device Manufacturer v 1.0.32022.0 showing in Apps and Features, installed 08/07/2020. For me, also, right now “Get updates” in Microsoft Store produced nothing. I also did a search for “HEVC Video Extensions from Device Manufacturer” and nothing came up.
Then, I went to the link and it said “HEVC Video Extensions from Device Manufacturer is currently not available”.
What gives here, anyway??
-
-
Viewing 2 reply threads
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
Resolved : AutoCAD 2022 might not open after updating to 24H2
by 55 minutes ago
-
Missing api-ms-win-core-libraryloader-11-2-1.dll
by 2 hours, 21 minutes ago
-
How Much Daylight have YOU Saved?
by 1 hour, 2 minutes ago
-
A brief history of Windows Settings
by 1 hour, 40 minutes ago
-
Thunderbolt is not just for monitors
by 35 minutes ago
-
Password Generators — Your first line of defense
by 4 hours, 29 minutes ago
-
AskWoody at the computer museum
by 2 hours, 19 minutes ago
-
Planning for the unexpected
by 2 hours, 37 minutes ago
-
Which printer type is the better one to buy?
by 2 hours, 40 minutes ago
-
Upgrading the web server
by 1 hour, 5 minutes ago
-
New Windows 11 24H2 Setup – Initial Win Update prevention settings?
by 20 hours, 9 minutes ago
-
Creating a Google account
by 18 hours, 55 minutes ago
-
Undocumented “backdoor” found in Bluetooth chip used by a billion devices
by 1 day, 1 hour ago
-
Microsoft Considering AI Models to Replace OpenAI’s in Copilot
by 1 day, 12 hours ago
-
AI *emergent misalignment*
by 1 day, 13 hours ago
-
Windows 11 Disk Encryption/ Bitlocker/ Recovery Key
by 5 minutes ago
-
Trouble signing out and restarting
by 14 hours, 12 minutes ago
-
Windows 7 MSE Manual Updating
by 1 day, 21 hours ago
-
Problem running LMC 22 flash drive
by 20 hours, 48 minutes ago
-
Outlook Email Problem
by 20 hours, 54 minutes ago
-
“Microsoft 365 Office All-in-One For Dummies, 3rd Edition FREE
by 1 day, 4 hours ago
-
Cant use Office 2013 – Getting error message about Office 2013
by 1 day, 21 hours ago
-
Nearly 1 million Windows devices targeted in advanced “malvertising” spree
by 1 day, 21 hours ago
-
Windows 11 Insider Preview build 27808 released to Canary
by 2 days, 22 hours ago
-
Windows 11 Insider Preview Build 22635.5025 (23H2) released to BETA
by 2 days, 22 hours ago
-
Sysprep issue
by 2 days, 21 hours ago
-
Android Security Bulletin—March 2025
by 3 days ago
-
23h2: PIN TO START randomly available on right-click
by 3 days ago
-
Microsoft Defender
by 3 days, 6 hours ago
-
New Laptop-Another ?
by 3 days ago
