Microsoft issues critical fixes for booby-trapped images – update now!

Microsoft has just released emergency patches for two critical security holes in the Windows Codecs Library.
The security challenge here is that the -dec part of any codec - for example, the software that converts JPG files that are downloaded as part of a web page so your browser can display them - can't blindly assume that the co- part of the process was trustworthy.
CVE-2020-1425: A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory.
The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.
CVE-2020-1457: A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-27 | CVE-2020-1425 | Unspecified vulnerability in Microsoft Windows 10. A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. | 7.8 |
2020-07-27 | CVE-2020-1457 | Out-of-bounds Write vulnerability in Microsoft Windows 10. A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. | 7.8 |