Emergency Windows Updates Here To Fix Security Flaws


Not taking any chances, Microsoft has released two emergency Windows updates that aim to resolve newly discovered security flaws in its operating platforms.

These two vulnerabilities affect both Windows 10 and Windows Server.

he next Patch Tuesday update cycle is on July 14, but the Redmond based software firm is not taking risks. While Microsoft says that these flaws are not publicly disclosed and exploitation is less likely, it recommends deployment just to be on the safe side.

They are remote code execution bugs that are detailed as CVE-2020-1425 and CVE-2020-1457, and can allow an attacker to take control of a compromised system by executing arbitrary code.

Apparently, the flaws exist in how Windows Codecs Library handles objects in memory, and a successful exploit would make use of a crafted image that needs to be launched on the target machine:

“A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system.”

The bugs affect Windows 10 version 1709, 1803, 1809, 1903, 1909, 2004, as well as Windows Server 2019 and versions 1803, 1903, 1909, and 2004.

A Trend Micro Zero Day Initiative security researcher reported the bugs to Microsoft, with the software titan confirming that users can download the updates from the Microsoft Store on all these affected platforms.

The patches are part of the updated Windows Media Codec on these systems.

However, these updates are automatically being shipped via the Microsoft Store, so be on the lookout for these two releases.

Free Windows 10 Training Videos

More Related Articles

Leave a Reply