Security News > 2020 > July > Microsoft fixes two RCE flaws affecting Windows 10 machines

Microsoft has released fixes for two remote code execution vulnerabilities in the Microsoft Windows Codecs Library on Windows 10 machines.
Both flaws - CVE-2020-1425 and CVE-2020-1457 - arose because of the way the Microsoft Windows Codecs Library handled objects in memory.
What initially seemed like critical out-of-band patches for Windows 10 and Windows Server 2019 systems turned out to be slightly less urgent: the flaws affect only Windows 10 systems, and only those users who have installed the optional HEVC or "HEVC from Device Manufacturer" media codecs from Microsoft Store, which limits the pool of machines open to attack.
Affected customers also didn't have to do anything to receive the update, as they were automatically updated by Microsoft Store.
Microsoft has noted that users who have turned off automatic updating for Microsoft Store apps should check for updates with the Microsoft Store App or risk going without them.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/JwkKovYnXnM/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2020-07-27 | CVE-2020-1425 | Unspecified vulnerability in Microsoft Windows 10. A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. | 7.8 |
2020-07-27 | CVE-2020-1457 | Out-of-bounds Write vulnerability in Microsoft Windows 10. A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. | 7.8 |