1 July 2020

Microsoft releases emergency Windows 10 updates to patch two dangerous bugs


Microsoft has released two out-of-band security updates to address two vulnerabilities affecting the Microsoft Windows Codecs Library.

Tracked as CVE-2020-1425 and CVE-2020-1457, both security bugs are remote code execution issues that exist in the way the Microsoft Windows Codecs Library handles objects in memory. By exploiting the CVE-2020-1425 flaw, an attacker could obtain information to further compromise the user’s system. In the case of CVE-2020-1457, exploitation could lead to remote code execution, Microsoft explained.

The two security flaws can be exploited by using a specially crafted image file.

“Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory,” Microsoft noted in the security advisory.

The bugs impact the following operating systems:

  • Windows 10 version 1709

  • Windows 10 version 1803

  • Windows 10 version 1809

  • Windows 10 version 1903

  • Windows 10 version 1909

  • Windows 10 version 2004

  • Windows Server 2019

  • Windows Server version 1803

  • Windows Server version 1903

  • Windows Server version 1909

  • Windows Server version 2004

According to Microsoft, users do not need to take any action to receive the updates.

“Affected customers will be automatically updated by Microsoft Store,” the company said.
