Microsoft fixes two RCE flaws affecting Windows 10 machines

Microsoft has released fixes for two remote code execution vulnerabilities in the Microsoft Windows Codecs Library on Windows 10 machines.
Both flaws - CVE-2020-1425 and CVE-2020-1457 - arose because of the way the Microsoft Windows Codecs Library handled objects in memory.
What initially seemed like critical out-of-band patches for Windows 10 and Windows Server 2019 systems turned out to be slightly less urgent: the flaws affect only Windows 10 systems, and only those users who have installed the optional HEVC or "HEVC from Device Manufacturer" media codecs from Microsoft Store, which limits the pool of machines open to attack.
Affected customers also didn't have to do anything to receive the update, as they were automatically updated by Microsoft Store.
Microsoft has noted that users who have turned off automatic updating for Microsoft Store apps should check for updates with the Microsoft Store app or risk going without the fixes.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/JwkKovYnXnM/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-27 | CVE-2020-1425 | Unspecified vulnerability in Microsoft Windows 10. A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. | 7.8 |
2020-07-27 | CVE-2020-1457 | Out-of-bounds Write vulnerability in Microsoft Windows 10. A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. | 7.8 |