
Microsoft has patched two bugs in the Windows Codecs Library with an emergency update. According to Microsoft, these security bugs had not yet been exploited.

The bugs, tracked as CVE-2020-1425 and CVE-2020-1457, affect only Windows 10 and Windows Server 2019.

Attackers can exploit the bugs with a specially crafted image file. When this image is opened in an application that uses the built-in Windows Codecs Library to handle multimedia content, the attacker can run their own code on the Windows computer and subsequently gain control of the device.

To fix the bugs, Microsoft has modified the way the Windows Codecs Library handles objects in memory. The bugs were reported through Trend Micro's Zero Day Initiative, a program that mediates communication between security researchers and large corporations. According to Microsoft, the bugs were not exploited.

Users do not need to take any further action as the updates are automatically offered through the Windows Store, not through Windows Update.

Patch Tuesday

Microsoft is releasing patches outside the monthly Patch Tuesday more often.

In recent months, the number of fixes on Patch Tuesday has been growing. In June, Microsoft released patches for 129 vulnerabilities, a new record for the company. A month earlier, another 111 vulnerabilities were addressed by the company.
