That is two weeks before Patch Tuesday and gives us some idea about the CVE vulnerabilities importance and the urgency of the updates. CVE-2020-1425 and CVE-2020-1457 are two security vulnerabilities or remote code execution vulnerabilities as Microsoft calls them. The vulnerabilities affect the Windows Codecs Library for all Windows 10 versions and Windows Server versions.
How can CVE-2020-1425 and CVE-2020-1457 be exploited?
Both vulnerabilities exploit a vulnerability in the way that Microsoft Windows Codecs Library handles objects in memory. CVE-2020-1425 is a critical vulnerability and the attacker who would exploit it could obtain information to further compromise the user’s system. CVE-2020-1457 is listed just as important but it sounds just as dangerous as the attacker who exploits this vulnerability could execute arbitrary code. Microsoft specifies that the vulnerabilities were not publicly disclosed, have not been exploited, and are less likely to be exploited.
What is the exploitation method for the vulnerabilities?
Apparently, to benefit from this bug, the attacker sends a specially crafted image file that needs to be processed by a program on your computer. The good news is that you don’t need to do anything to patch your system. The Windows Media Codec will be updated automatically through the Microsoft Store. What do you think about Microsoft’s latest updates? Tell us all about it in the comments section below. Alternatively, customers who want to receive the update immediately can check for updates with the Microsoft Store App; more information on this process can be found here.
SPONSORED
Name *
Email *
Commenting as . Not you?
Save information for future comments
Comment
Δ