Microsoft releases emergency security update to fix two bugs in Windows codecs

Worth checking to see if your update process has actually updated these codecs…:

Microsoft has published on Tuesday two out-of-band security updates to patch two vulnerabilities in the Microsoft Windows Codecs Library.

Tracked as CVE-2020-1425 & CVE-2020-1457, the two bugs only impact Windows 10 and Windows Server 2019 distributions.

In security advisories published today, Microsoft said the two security flaws can be exploited with the help of a specially crafted image file.

If the malformed images are opened inside apps that utilize the built-in Windows Codecs Library to handle multimedia content, then attackers would be allowed to run malicious code on a Windows computer and potentially take over the device.

The two bugs — described as two remote code execution (RCE) vulnerabilities — received patches earlier today.

The patches have been deployed to customer systems via an update to the Windows Codecs Library, delivered through the Windows Store app — not the Windows Update mechanism.

“Customers do not need to take any action to receive the update,” Microsoft said.

[…]

Original Article