Microsoft has released two out-of-band security updates through the Microsoft Store app to patch vulnerabilities in the Microsoft Codecs Library.
The two bugs, tracked as CVE-2020-1425 and CVE-2020-1457, impact Windows 10 and Windows Server 2019 distributions and are rated ‘critical’ and ‘important’ in severity. Both security flaws can be exploited with the help of a specially crafted image file.
A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, and the vulnerabilities can be exploited by tricking a victim into opening a specially crafted image file.
When the victim opens the malformed image inside an app that uses the built-in Windows Codecs Library to handle multimedia content, the attacker could gain code execution on the Windows system and could obtain information to further compromise the user’s system.
“Microsoft included a complete schedule of the Windows 10 and Windows Server distributions affected in its advisories, which offered little in terms of specific detail on the flaws,” reported Threatpost.
The updates are deployed automatically through the Microsoft Store, so customers need not take any action to receive them. Customers who want to receive the update immediately can check for updates with the Microsoft Store app.
The company said there are no mitigations or workarounds for the vulnerabilities.
The bugs were privately reported to Microsoft by Abdul-Aziz Hariri through Trend Micro’s Zero Day Initiative, a program that intermediates communications between security researchers and larger companies.
Microsoft usually releases updates on the second Tuesday of every month, also known as “Patch Tuesday.” The company issues patches outside Patch Tuesday in response to vulnerabilities revealed by third-party security researchers, including from rivals such as Google, that are found to be under attack.
These patches come weeks after Microsoft’s regularly scheduled June Patch Tuesday, where it released patches for 129 vulnerabilities, the highest number of CVEs ever released by Microsoft in a single month.