MEDIUMAi
Global
Microsoft Code Editor Flaw Lets Attackers Hijack Developer PCs
·Source: Bank Info Security
Updated:
Executive Summary
Hidden Install Settings Let Malicious MCP Links Execute Code Microsoft patched a high-severity flaw in Visual Studio Code after researchers found attackers could hide malicious settings inside MCP server install
Analysis
Hidden Install Settings Let Malicious MCP Links Execute Code Microsoft patched a high-severity flaw in Visual Studio Code after researchers found attackers could hide malicious settings inside MCP server install links, giving them persistent access to developer machines through what appeared to be routine artificial intelligence tool installations.