Microsoft fixes two RCE flaws affecting Windows 10 machines
2020-07-02 09:08

Microsoft has released fixes for two remote code execution vulnerabilities in the Microsoft Windows Codecs Library on Windows 10 machines.

Both flaws - CVE-2020-1425 and CVE-2020-1457 - arose because of the way the Microsoft Windows Codecs Library handled objects in memory.

What initially seemed like critical out-of-band patches for Windows 10 and Windows Server 2019 systems turned out to be slightly less urgent: the flaws affect only Windows 10 systems, and only those users who have installed the optional HEVC or "HEVC from Device Manufacturer" media codecs from Microsoft Store, which limits the pool of machines open to attack.

Affected customers also didn't have to do anything to receive the update, as they were automatically updated by Microsoft Store.

Microsoft has noted that users who have turned off automatic updating for Microsoft Store apps should check for them with the Microsoft Store App or risk going without them.


News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/JwkKovYnXnM/

Related Vulnerability

DATE        CVE            VULNERABILITY TITLE                                         RISK
2020-07-27  CVE-2020-1425  Unspecified vulnerability in Microsoft Windows 10           7.8
    A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'.
    local / low complexity / microsoft

2020-07-27  CVE-2020-1457  Out-of-bounds Write vulnerability in Microsoft Windows 10   7.8
    A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'.
    local / low complexity / microsoft / CWE-787

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5127 264 7774