Microsoft has issued out-of-band patches for two important severity vulnerabilities, which if exploited could allow for remote code execution. One flaw exists in Microsoft s Visual Studio Code is a free source-code editor made by Microsoft for Windows, Linux and macOS. The other (CVE-2020-17022) is in the Microsoft Windows Codecs Library; the codecs module provides stream and file interfaces for transcoding data in Windows programs. Neither flaw has been observed being exploited in the wild according to Microsoft.
Source: https://threatpost.com/microsoft-rce-flaws-windows-update/160244/