Out-of-band updates for serious Windows Codecs Library vulnerabilities available via the Microsoft Store

Microsoft sign on glass building

Microsoft has released two off-schedule patches for serious vulnerabilities in the Windows Codecs Library affecting Windows 10 and Windows Server.

With the updates, which have been released through the Microsoft Store, the company is addressing the "critical" CVE-2020-1425 and the "serious" CVE-2020-1457. Both are Remote Code Execution vulnerabilities, and both have been addressed with little fanfare from Microsoft.

Advertisement

See also:

In a vulnerability notice about one of the issues, Microsoft says of CVE-2020-1425: "A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. Exploitation of the vulnerability requires that a program process a specially crafted image file".

Of the less serious CVE-2020-1457 vulnerability, Microsoft says:

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.

The good news is that while both of the vulnerabilities were serious, there is currently no evidence to suggest that either of them has been actively exploited.

Microsoft says that both patches address "the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory".

Image credit: ArbyDarby / Shutterstock

Comments are closed.

© 1998-2021 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.