Microsoft has released two out-of-band security updates to address remote code execution (RCE) bugs found to affect the Microsoft Windows Codecs Library and Visual Studio Code. The two vulnerabilities are tracked as important severity and marked as not being exploited in the wild. Microsoft says that Windows 10 devices are not vulnerable in default configuration and that only customers who have installed the optional HEVC or ‘HEVC from Device Manufacturer’ media codecs from Microsoft Store may be vulnerable. Microsoft has not identified any mitigating measures or workarounds for the two vulnerabilities.
Source: https://www.bleepingcomputer.com/news/security/microsoft-issues-out-of-band-windows-security-updates-for-rce-bugs/