Microsoft launches emergency security updates to fix codecs

Claudiu Andone
by Claudiu Andone
Windows & Software Expert
Loading Comments
Download PDF
Affiliate Disclosure

  • CVE-2020-1425 and CVE-2020-1457 are two security vulnerabilities or remote code execution vulnerabilities as Microsoft calls them.
  • Both vulnerabilities exploit a vulnerability in the way that Microsoft Windows Codecs Library handles objects in memory.
  • If you're interested in the latest Windows 10 updates, check our Windows 10 Updates section.
  • For more information on updates and security, feel free to visit our comprehensive Updates & Security Hub.
Microsoft launches emergency security updates to patch codecs

Usually, security updates come in the notorious Patch Tuesday (the second Tuesday of the month), but Microsoft just released two new, out-of-bound security updates.

That is two weeks before Patch Tuesday and gives us some idea about the CVE vulnerabilities importance and the urgency of the updates.

CVE-2020-1425 and CVE-2020-1457 are two security vulnerabilities or remote code execution vulnerabilities as Microsoft calls them.

The vulnerabilities affect the Windows Codecs Library for all Windows 10 versions and Windows Server versions.

How can CVE-2020-1425 and CVE-2020-1457 be exploited?

Both vulnerabilities exploit a vulnerability in the way that Microsoft Windows Codecs Library handles objects in memory.

CVE-2020-1425 is a critical vulnerability and the attacker who would exploit it could obtain information to further compromise the user’s system.

CVE-2020-1457 is listed just as important but it sounds just as dangerous as the attacker who exploits this vulnerability could execute arbitrary code.

Microsoft specifies that the vulnerabilities were not publicly disclosed, have not been exploited, and are less likely to be exploited.

What is the exploitation method for the vulnerabilities?

Apparently, to benefit from this bug, the attacker sends a specially crafted image file that needs to be processed by a program on your computer.

The good news is that you don’t need to do anything to patch your system. The Windows Media Codec will be updated automatically through the Microsoft Store.

Affected customers will be automatically updated by Microsoft Store. Customers do not need to take any action to receive the update.

Alternatively, customers who want to receive the update immediately can check for updates with the Microsoft Store App; more information on this process can be found here.

What do you think about Microsoft’s latest updates? Tell us all about it in the comments section below.