Friday, April 23, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Programming language Python VS Code extension: New update has critical security fix

May 14, 2020
in Internet Security
Programming language Python VS Code extension: New update has critical security fix
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Microsoft has released the May 2020 update for its Python extension for Visual Studio Code (VS Code), its popular open-source, cross-platform code editor. Users should update the extension to address a critical flaw disclosed in yesterday’s Patch Tuesday.  

On the heels of the VS Code 1.45 release this week with more GitHub integrations, Microsoft’s VS Code team has released a new version of the Microsoft Python extension for VS Code, by far its most popular extension in the Microsoft Visual Studio Marketplace with over 19 million installs.   

You might also like

SolarWinds hack analysis reveals 56% boost in command server footprint

New US Justice Department team aims to disrupt ransomware operations

Facebook uncovers Palestinian government officials targeted with malware

Microsoft has been building an arsenal of tools and educational resources for Python beginners and professional developers to accompany VS Code and capitalize on growing interest in the programming language thanks to the rise of data science and machine learning. 

These resources include new tutorials in VS Code aimed at professionals and free YouTube courses that help budding Python developers use Azure. And last week it released a second batch of Python video courses for beginners.     

The main update in the new Python extension for VS Code is that it’s easier to select or change a Python interpreter path in a file system. There’s also an option to manually enter a file path in VS Code. 

Microsoft is also lining up a new way for the Python extension to handle the process of selecting a Python interpreter by deprecating ‘python.pythonPath’ and removing it from ‘settings.json’ to improve things for developers who share VS Code workspace settings in a GitHub repository.

The goal is to improve the scenario for developers who share VS Code workspace settings between different operating systems. 

However, for now, the changes are only being added gradually as part of an A/B testing experiment. Users can opt in to the experiment early by adding “python.experiments.optInto”: [“DeprecatePythonPath – experiment”] to user settings.  

But the update for the Microsoft Python extension also includes a patch for a critical flaw Microsoft disclosed in yesterday’s Patch Tuesday batch of 111 security fixes. 

The remote code execution bug, tracked as CVE-2020-1192, is exposed when Microsoft’s VS Code Python extension loads workspace settings from a file from a notebook, such as Jupyter. An attacker who duped a user to open a specially crafted file in VS Code with the Python extension installed could run malware on the machine.  

Microsoft’s advisory says it fixed the issue by “modifying the way Visual Studio Code Python extension enforces user settings”. 

The VS Code team says, “Setting ‘Data Science: Run Startup Commands’ is now limited to being a User scope only setting.”

A second security flaw disclosed yesterday affects Visual Studio Code when the Python extension loads configuration files after opening a project.

“An attacker would need to convince a target to clone a repository and open it in Visual Studio Code with the Python extension installed. Attacker-specified code would execute when the target opened the integrated terminal,” Microsoft said. 

There’s also a fix for issues affecting Python in VS Code when executing multiple cells in Notebook and Interactive Window using ipwidgets. 

The latest version of the Python extension for VS Code brings the option of browsing for a Python interpreter in the file system.  


Image: Microsoft

More on Microsoft’s Visual Studio Code

  • Microsoft’s VS Code 1.45 is out: GitHub integration plus JavaScript debugger update
  • Microsoft: Bosque is a new programming language built for AI in the cloud  
  • Microsoft’s VS Code Python programming language extension gets this new update  
  • Microsoft: Try VS Code’s new Python, C++ programming language tutorials, Docker updates  
  • Microsoft makes new GitHub collaboration tools available to testers  
  • Programming languages: Python and Java VS Code extensions get these new updates  
  • VS Code gets a big update: Plays nice with macOS Gatekeeper plus lots of new features  
  • Microsoft: VS Code for PowerShell 7 arrives with ISE mode  
  • New Microsoft VS Code browser editor update – better Go, Python language, Docker support  
  • Microsoft’s VS Code Python programming language extension gets this new update  
  • Microsoft VS Code 1.42 is out: New debug tools for TypeScript, JavaScript, Chrome  
  • ServiceNow reveals VS Code alternative to its own web-based code editor  
  • Microsoft boosts programming language Python’s popular VS Code extension  
  • Programming language Python’s popular extension for Visual Studio Code revamped  
  • Facebook: Microsoft’s Visual Studio Code is now our default development platform
  • Microsoft: We want you to learn Python programming language for free
  • JPMorgan’s Athena has 35 million lines of Python code, and won’t be updated to Python 3 in time TechRepublic
  • Mozilla’s radical open-source move helped rewrite rules of tech CNET
  • Credit: Zdnet

    Previous Post

    Researcher Spots New Malware Claimed to be 'Tailored for Air‑Gapped Networks'

    Next Post

    LinkedIn Stories for B2B Social Media Marketing

    Related Posts

    SolarWinds hack analysis reveals 56% boost in command server footprint
    Internet Security

    SolarWinds hack analysis reveals 56% boost in command server footprint

    April 22, 2021
    New US Justice Department team aims to disrupt ransomware operations
    Internet Security

    New US Justice Department team aims to disrupt ransomware operations

    April 22, 2021
    Facebook uncovers Palestinian government officials targeted with malware
    Internet Security

    Facebook uncovers Palestinian government officials targeted with malware

    April 22, 2021
    Signal rattles sabre and exposes crackable Cellebrite underbelly
    Internet Security

    Signal rattles sabre and exposes crackable Cellebrite underbelly

    April 22, 2021
    User ability to opt-out key in Google FLoC debacle
    Internet Security

    User ability to opt-out key in Google FLoC debacle

    April 22, 2021
    Next Post
    LinkedIn Stories for B2B Social Media Marketing

    LinkedIn Stories for B2B Social Media Marketing

    Leave a Reply Cancel reply

    Your email address will not be published. Required fields are marked *

    Recommended

    Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

    Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

    January 6, 2019
    Microsoft, Google Use Artificial Intelligence to Fight Hackers

    Microsoft, Google Use Artificial Intelligence to Fight Hackers

    January 6, 2019

    Categories

    • Artificial Intelligence
    • Big Data
    • Blockchain
    • Crypto News
    • Data Science
    • Digital Marketing
    • Internet Privacy
    • Internet Security
    • Learn to Code
    • Machine Learning
    • Marketing Technology
    • Neural Networks
    • Technology Companies

    Don't miss it

    58 Resources To Help Get Started With Deep Learning ( In TF ) | by Shubham Panchal | Apr, 2021
    Neural Networks

    58 Resources To Help Get Started With Deep Learning ( In TF ) | by Shubham Panchal | Apr, 2021

    April 23, 2021
    An ideal time for online events to get a makeover
    Digital Marketing

    What do attendees want from your presentation?: Thursday’s daily brief

    April 23, 2021
    SolarWinds hack analysis reveals 56% boost in command server footprint
    Internet Security

    SolarWinds hack analysis reveals 56% boost in command server footprint

    April 22, 2021
    1-Click Hack Found in Popular Desktop Apps — Check If You’re Using Them
    Internet Privacy

    Researchers Find Additional Infrastructure Used By SolarWinds Hackers

    April 22, 2021
    What Does The Future Hold For the Companies Developing Mobile Apps
    Data Science

    What Does The Future Hold For the Companies Developing Mobile Apps

    April 22, 2021
    Twitter Updates its Responsible Machine Learning Initiative
    Machine Learning

    Twitter Updates its Responsible Machine Learning Initiative

    April 22, 2021
    NikolaNews

    NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

    What’s New Here?

    • 58 Resources To Help Get Started With Deep Learning ( In TF ) | by Shubham Panchal | Apr, 2021 April 23, 2021
    • What do attendees want from your presentation?: Thursday’s daily brief April 23, 2021
    • SolarWinds hack analysis reveals 56% boost in command server footprint April 22, 2021
    • Researchers Find Additional Infrastructure Used By SolarWinds Hackers April 22, 2021

    Subscribe to get more!

    © 2019 NikolaNews.com - Global Tech Updates

    No Result
    View All Result
    • AI Development
      • Artificial Intelligence
      • Machine Learning
      • Neural Networks
      • Learn to Code
    • Data
      • Blockchain
      • Big Data
      • Data Science
    • IT Security
      • Internet Privacy
      • Internet Security
    • Marketing
      • Digital Marketing
      • Marketing Technology
    • Technology Companies
    • Crypto News

    © 2019 NikolaNews.com - Global Tech Updates