Microsoft releases urgent security updates for Windows 10 Codecs bugs

Gandalf_The_Grey

Microsoft has released two out-of-band security updates to address remote code execution security vulnerabilities affecting the Microsoft Windows Codecs Library on several Windows 10 and Windows Server versions.

The two vulnerabilities are tracked as CVE-2020-1425 and CVE-2020-1457, the first one being rated as critical while the second received an important severity rating.

No mitigation available, updates will install automatically

Microsoft says that it has not identified any mitigating measures or workarounds for these two vulnerabilities.

"Affected customers will be automatically updated by Microsoft Store. Customers do not need to take any action to receive the update," Microsoft explains.

"Alternatively, customers who want to receive the update immediately can check for updates with the Microsoft Store App; more information on this process can be found here."

Both vulnerabilities were reported to Microsoft by Abdul-Aziz Hariri, a vulnerability analysis manager at Trend Micro's Zero Day Initiative.
 

Gandalf_The_Grey

More on Ghacks:
Lack of information is a problem
Microsoft does not reveal the name of the update that it created to address the security issue. A quick check on an up-to-date Windows 10 version 2004 Surface Go device returned updates for the apps HEIF Image Extensions and HEVC Video Extensions from Device Manufacturer. It is unclear if these are the updates that Microsoft is referring to or if the company has not yet released the security update to the general population.

I will keep an eye on the updates and update the article if a Windows Codecs Library related update becomes available.

Microsoft needs to provide additional information. It is unclear how administrators can check if the updates are installed on devices because of the lack of information. Information about the nature of the vulnerability, e.g. which image formats are affected, would also be useful.

Lastly, a Store update excludes systems from receiving the update if the Store application has been uninstalled or neutralized.
 
