Security News > 2020 > July > Microsoft fixes two RCE flaws affecting Windows 10 machines
Microsoft has released fixes for two remote code execution vulnerabilities in the Microsoft Windows Codecs Library on Windows 10 machines.
Both flaws - CVE-2020-1425 and CVE-2020-1457 - arose because of the way the Microsoft Windows Codecs Library handled objects in memory.
What initially seemed like critical out-of-band patches for Windows 10 and Windows Server 2019 systems turned out to be slightly less urgent patches since the flaws affect only Windows 10 systems and only those users who have installed the optional HEVC or "HEVC from Device Manufacturer" media codecs from Microsoft Store, limiting thusly the pool of machines open to attack.
Affected customers also didn't have to do anything to receive the update, as they were automatically updated by Microsoft Store.
Microsoft has noted that users who have turned off automatic updating for Microsoft Store apps should check for them with the Microsoft Store App or risk going without them.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/JwkKovYnXnM/
Related news
- Microsoft to force install new Outlook on Windows 10 PCs in February (source)
- Microsoft ends support for Office apps on Windows 10 in October (source)
- Windows 10 KB5048652 update fixes new motherboard activation bug (source)
- Microsoft lifts Windows 11 24H2 block on PCs with USB scanners (source)
- Microsoft says Auto HDR causes game freezes on Windows 11 24H2 (source)
- Microsoft adds another problem to the Windows 11 24H2 naughty list (source)
- Windows 10 users urged to upgrade to avoid "security fiasco" (source)
- Microsoft may have scrapped Windows 11's dynamic wallpapers feature (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Windows 10 KB5049981 update released with new BYOVD blocklist (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-07-27 | CVE-2020-1425 | Unspecified vulnerability in Microsoft Windows 10 A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. | 7.8 |
| 2020-07-27 | CVE-2020-1457 | Out-of-bounds Write vulnerability in Microsoft Windows 10 A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory, aka 'Microsoft Windows Codecs Library Remote Code Execution Vulnerability'. | 7.8 |