On Tuesday, technology giant Microsoft came up with two out-of-band security updates to fix two flaws in the Microsoft Windows Codecs Library.

The two bugs, tracked as CVE-2020-1425 & CVE-2020-1457, only affect Windows 10 and Windows Server 2019 distributions.


The software behemoth said the two security vulnerabilities can be abused with the help of a specially created image file.

If the misshapen images are opened inside apps that exploit the built-in Windows Codecs Library to deal with multimedia content, then attackers would be permitted to run malicious code on a Windows computer and possibly capture the device.

Termed as two remote code execution (RCE) vulnerabilities, the two bugs received fixes earlier on Tuesday.

The patches have been organized to customer systems through an update to the Windows Codecs Library, delivered through the Windows Store app.

“Customers do not need to take any action to receive the update,” Microsoft said.

Redmond said the bugs were confidentially conveyed and they haven’t been used in the wild before today’s covers.

Microsoft credited Abdul-Aziz Hariri for first finding these bugs.


Leave a Reply

Your email address will not be published. Required fields are marked *