SecurityAI-assisted1 min read

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

Microsoft is implementing a two-hour delay for automatic extension updates in Visual Studio Code as a security measure against supply chain attacks. The delay provides a window to detect and prevent malicious code from being automatically distributed to users through compromised extensions.

Utopia Tech

June 8, 2026 · 1 min read

Microsoft has announced that Visual Studio Code (VS Code) will apply a two-hour delay before extensions for the integrated development environment (IDE) are updated automatically to a newer version in an attempt to tackle software supply chain threats. "When automatic updates are enabled, new versions are auto-updated two hours after they are published, adding an extra layer of protection

Originally published at thehackernews.com

#Cybersecurity #Developer-Tools #Malware #Supply-Chain-Security #Visual-Studio-Code #Vulnerabilities

▸ Want a deeper look?

Talk to an architect about applying this to your stack.

60-minute technical evaluation, no obligation. We'll map the ideas in this article to your environment.

Schedule the call

▸ Continue reading

VS Code Adds 2-Hour Extension Auto-Update Delay to Limit Supply Chain Attacks

Talk to an architect about applying this to your stack.

More from the journal

UNC3753 Used Vishing and Physical Intrusions in U.S. Data Theft Extortion Campaign

New ChatGPT Lockdown Mode Limits Tools That Could Enable Data Exfiltration

CISA Adds Actively Exploited SolarWinds Serv-U DoS Flaw to KEV Catalog