Gandalf_The_Grey
Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
- Apr 24, 2016
- 6,592
Microsoft has released two out-of-band security updates to address remote code execution security vulnerabilities affecting the Microsoft Windows Codecs Library on several Windows 10 and Windows Server versions.
The two vulnerabilities are tracked as CVE-2020-1425 and CVE-2020-1457, the first one being rated as critical while the second received an important severity rating.
No mitigation available, updates will install automatically
Microsoft says that it has not identified any mitigating measures or workarounds for these two vulnerabilities.
"Affected customers will be automatically updated by Microsoft Store. Customers do not need to take any action to receive the update," Microsoft explains,
"Alternatively, customers who want to receive the update immediately can check for updates with the Microsoft Store App; more information on this process can be found here."
Both vulnerabilities were reported to Microsoft by Abdul-Aziz Hariri, a vulnerability analysis manager at Trend Micro's Zero Day Initiative.