Microsoft has released two out-of-band security updates to address a couple of vulnerabilities affecting Microsoft Windows Codecs Library.
Tracked as CVE-2020-1425 and CVE-2020-1457, the both security bugs are remote code execution issues that exist in the way that Microsoft Windows Codecs Library handles objects in memory. By exploiting the CVE-2020-1425 flaw an attacker could obtain information to further compromise the user’s system. In the case of CVE-2020-1457, the exploitation of this flaw could lead to remote code execution, Microsoft explained.
The two security flaws can be exploited by using a specially crafted image file.
“Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory,” Microsoft noted in the security advisory.
The bugs impact the following operating systems:
Windows 10 version 1709
Windows 10 version 1803
Windows 10 version 1809
Windows 10 version 1903
Windows 10 version 1909
Windows 10 version 2004
Windows Server 2019
Windows Server version 1803
Windows Server version 1903
Windows Server version 1909
Windows Server version 2004
According to Microsoft, users do not need to take any action to receive the updates.
“Affected customers will be automatically updated by Microsoft Store,” the company said.