Security News > 2020 > July > Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws
Microsoft yesterday quietly released out-of-band software updates to patch two high-risk security vulnerabilities affecting hundreds of millions of Windows 10 and Server editions' users.
The two newly disclosed security vulnerabilities, assigned CVE-2020-1425 and CVE-2020-1457, are both remote code execution bugs that could allow an attacker to execute arbitrary code and control the compromised Windows computer.
According to Microsoft, both remote code execution vulnerabilities reside in the way Microsoft Windows codec library handles objects in memory.
Exploiting both flaws requires an attacker to trick a user running an affected Windows system into clicking on a specially crafted image file designed to be opened with any app that uses the built-in Windows Codec Library.
Since Microsoft is not aware of any workaround or mitigating factor for these vulnerabilities, Windows users are strongly recommended to deploy new patches before attackers start exploiting the issues and compromise their systems.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/cVWTQ66YC0E/windows-security-update.html
Related news
- What Is Inside Microsoft’s Major Windows 11 Update? (source)
- Microsoft warns of Windows 11 24H2 gaming performance issues (source)
- Microsoft blocks Windows 11 24H2 on some Intel PCs over BSOD issues (source)
- Microsoft Office 2024 now available for Windows and macOS users (source)
- Week in review: Critical Zimbra RCE vulnerability exploited, Patch Tuesday forecast (source)
- Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits (source)
- Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (source)
- Microsoft fixes Remote Desktop issues caused by Windows Server update (source)
- Microsoft: Windows 11 22H2 Home and Pro reached end of servicing (source)
- Microsoft cleans up hot mess of Patch Tuesday preview (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-27 | CVE-2020-1425 | Unspecified vulnerability in Microsoft Windows 10 A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. | 7.8 |
| 2020-07-27 | CVE-2020-1457 | Out-of-bounds Write vulnerability in Microsoft Windows 10 A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. | 7.8 |