I don't really get this article to be honest.
An attacker doesn't need vscode to expose your closed off network, there are many more terminal tools that can be used for various kinds of attacks, especially if the attacker can smuggle in his own executables, as it's assumed in the post.
Neither do I like Microsoft nor vscode but to me it looks like the tunnel thingy can (and definitely should) be blocked off easily and it seems to be even documented by Microsoft.