The Redmond giant has today released two emergency security updates to fix two bugs in Windows related to Windows Codecs. The bugs are found in Windows 10 and Windows Server 2019 distributions only.
Attackers could use these two bugs to take over a victim's computer. Exploitation relies on a specially crafted image file.
The flaws are identified as CVE-2020-1425 and CVE-2020-1457, and Microsoft has already released a patch for them. Users are advised to update. Note that users are not required to do anything to install the security fix; it will be installed automatically.
How does the bug work?
Once the user opens the specially crafted image file in an app that uses the built-in Windows Codecs Library, attackers would be able to run malicious scripts and code on the system. This could even let attackers completely take over the Windows computer.
Abdul Aziz Hariri found the bug and reported it to Microsoft before reporting to the ZDI team.
The bug was found through a report from Trend Micro's Zero Day Initiative, which helps cybersecurity researchers share security issues with larger companies like Microsoft.
The two emergency security updates have already been deployed via the Windows Codecs Library update.
Microsoft notes, “A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. The exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.”