Microsoft releases emergency security updates to fix Windows codecs

Microsoft has silently released an emergency security update through the Windows Store app to address two vulnerabilities in Windows codecs.

Microsoft has silently released two out-of-band security updates through the Windows Store app to address two vulnerabilities in the Windows Codecs Library.

The two issues are remote code execution vulnerabilities tracked as CVE-2020-1425 & CVE-2020-1457 that impact Windows 10 and Windows Server 2019 OSs.

“A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.” reads the security advisory for the CVE-2020-1425 published by Microsoft.

“Exploitation of the vulnerability requires that a program process a specially crafted image file.”

Microsoft

Both vulnerabilities exploit a vulnerability in the way that Windows Codecs Library handles objects in memory.

The two vulnerabilities can be exploited by tricking the target devices into opening a specially crafted image file.

Upon opening the malformed images inside apps that utilize the built-in Windows Codecs Library to handle multimedia content to achieve remote code execution on a Windows system and potentially take over the device.

The IT giant rolled out the out-of-band security updates through the Windows Store app via an update to the Windows Codecs Library.

“Customers do not need to take any action to receive the update,” Microsoft said.

The bugs were privately reported to Microsoft by Abdul-Aziz Hariri through the Trend Micro’s Zero Day Initiative, the good news is that Microsoft is not aware of attacks in the wild exploiting these issues.

Pierluigi Paganini

FAIR USE NOTICE: Under the "fair use" act, another author may make limited use of the original author's work without asking permission. Pursuant to 17 U.S. Code § 107, certain uses of copyrighted material "for purposes such as criticism, comment, news reporting, teaching (including multiple copies for classroom use), scholarship, or research, is not an infringement of copyright." As a matter of policy, fair use is based on the belief that the public is entitled to freely use portions of copyrighted materials for purposes of commentary and criticism. The fair use privilege is perhaps the most significant limitation on a copyright owner's exclusive rights. Cyber Defense Media Group is a news reporting company, reporting cyber news, events, information and much more at no charge at our website Cyber Defense Magazine. All images and reporting are done exclusively under the Fair Use of the US copyright act.

Global InfoSec Awards 2022

We are in our 10th year, and these awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.

APPLY NOW

10th Anniversary Exclusive Top 100 CISO Conference & Innovators Showcase

X