Microsoft has released two security updates outside of the usual Patch Tuesday, to address two vulnerabilities in the Windows Codec Library. Both vulnerabilities have been classified as Remote Code Execution vulnerabilities (RCE).

Named CVE-2020-1425 and CVE-2020-1457, these flaws only affect Windows distributions 10 and Windows Server 2019. In the security advisories published today, Microsoft says they can be exploited with the help of a specially crafted image file.

If incorrectly formatted images are opened within applications that use the Windows Codec Library, built-in to handle multimedia content, entonces los atacantes podrían ejecutar código malicioso en un equipo con Windows y hacerse con el control del dispositivo.

Curiously, las actualizaciones están siendo desplegadas a través de una actualización de la Biblioteca de códecs de Windows, entregada a través de la aplicación de la Microsoft Store, no a través del mecanismo de Windows Update.

Estos errores se informaron en privado por Zero-Day Initiative de TrendMicro y no se habían utilizado in-the-wild antes de los parches de hoy.


Leave a Reply

Your email address will not be published. Required fields are marked *

More news
A
Read more »
A researcher manages to hack some concert tickets using AI
Read more »
Una nueva campaña de phishing suplanta a ChatGPT
Read more »
Nintendo suffers a data breach through a supplier
Read more »
Trying to make fun of a scammer is not a very good idea
Read more »