Serviceteam IT Security News

The out-of-band update plugs two remote code execution bugs in the Windows Codecs library, including one rated as critical

Microsoft on Tuesday released emergency security patches to plug a pair of serious vulnerabilities in its Windows Codecs library that impact several Windows 10 and Windows Server versions. Indexed as CVE-2020-1425 and CVE-2020-1457, the two remote-code execution (RCE) flaws are rated as ‘critical’ and ‘important’ in severity, respectively.

Both security loopholes have to do with how Microsoft Windows Codecs Library handles objects in memory.

An attacker who can exploit CVE-2020-1425 “could obtain information to further compromise the user’s system”, said Microsoft. Successful exploitation of the second flaw, meanwhile, could enable attackers to execute arbitrary code on the targeted machine. Each flaw was given the “exploitation less likely” rating on Microsoft’s Exploitability Index.

RELATED READING: Vulnerabilities, exploits and patches

There’s no word on specific attack vectors to abuse these flaws, but Microsoft said that exploitation of either vulnerability “requires that a program process a specially crafted image file”. This could, for example, involve luring the target into downloading and opening the file.

The updates are being deployed automatically via Microsoft Store, rather than the Windows Update process. “Affected customers will be automatically updated by Microsoft Store. Customers do not need to take any action to receive the update,” said Microsoft.

In order to check if the updates have been implemented or to expedite the process, Microsoft provides this guidance. The company is not aware of any mitigations or workarounds for the two vulnerabilities.

Source: HERE

With over 20 years of experience, Serviceteam IT design and deliver sophisticated connectivity, communication, continuity, and cloud services, for organisations that need to stay connected 24/7. We take the time to fully understand your current challenges, and provide a solution that gives you a clear understanding of what you are purchasing and the benefits it will bring you.

To find out how we can help you, call us on 0121 468 0101, use the Contact Us form, or why not drop in and visit us at 49 Frederick Road, Edgbaston, Birmingham, B15 1HN.

We’d love to hear from you!