Windows 10 released Microsoft Store Codes patches

July 7, 2020

Microsoft released security updates last week’s through Microsoft Store and it’s confuse many users who want to make sure that their system has been protected. They are almost always released via Windows Update or by standalone updates that can be downloaded from the Microsoft Catalog.

On June 30th, Microsoft released two out-of-band security updates for remote code execution vulnerabilities in the Windows Codecs Library. They stated that they affected both Windows 10 and Windows Server at the time. Instead of delivering these security updates via Windows Update, Microsoft is rolling them out via auto-updates on the Microsoft Store.

Vulnerabilities in the HEVC Videos Extensions

On July 1 Microsoft updated the advisories to include FAQ which states that Windows server was not affected and that the vulnerabilities are in HEVC Videos Extensions. This package is available from the Microsoft Store named “HEVC Videos Extensions” or “HEVC Videos Extensions from Device Manufacturer”.

Microsoft says that these are optional packages and only those people who have installed would receive the update. The FAQs also mention that fixed versions of such extension is 1.0.31822.0, 1.0.31823.0 and that follow PowerShell Command that can be used to check installed version.

“The vulns are in the hevcdecoder_store.dll extension (HEVC codec package). This extension is not installed by default. The bugs in this codec are triggered through HEIC images (HEIFextension package. which is installed by default). The HEVC package can be installed in multiple ways.”

Hariri told that, “As far as I know, the user installs them manually through the store or accepting them to be installed from media applications like photos etc.”

Organizations have Microsoft Store disabled

By going through other distribution channels for Windows security update it makes difficult for enterprises that have purposely disabled certain Windows features.

Thus, for those companies who have disabled Microsoft Store the vulnerable computers will not be able to receive the fixes without removing this policy.

A BornCity.com reader explained that: “We have deactivated the store and we want to keep it that way.”

To add insult to injury, AskWoody has reported that some users are having problems installing the updates through Microsoft Store. In order to do so, they receive “access denied” errors.

Thus, the lack of initial information and use of Microsoft Store to distribute security updates this release of security updates has been confusing from the very beginning.

More Stories

Windows 11 Update: Say Bye To These Features

June 25, 2021

Massachusetts MassNotify Android COVID App Forced By Google

June 21, 2021

What’s New With Microsoft Windows 10 Build 19043.1052

June 10, 2021

You may have missed

How to Remove Track.Vxctr.com from PC

September 1, 2023

How to Remove Powdelloted.co.in from PC

September 1, 2023

How to Remove Startintenselyoriginalinfo-product.info from PC

September 1, 2023

How to Remove Gucent.xyz from PC

September 1, 2023

How to Remove Teamseptsome.live from PC

September 1, 2023