1 article
Microsoft has released VS Code 1.101 with a configurable two-hour delay on automatic extension updates. The change is a direct response to supply chain attacks in which malicious updates were pushed to popular extensions, executing on developer machines within minutes of publication. The delay gives security teams a detection window before malicious updates execute across the developer fleet.