Microsoft Releases Emergency Fix for Cyber Security Vulnerability

Microsoft has released patches on two vulnerabilities affecting Windows 10 Codecs Library, possibly allowing the execution of unwanted code if exploited.

The first vulnerability disclosed as CVE-2020-1425, is marked critical, meaning that if exploited, hackers could use the vulnerability to obtain information to further compromise the targeted system, as written by Microsoft in the disclosed vulnerability page.

The second disclosed vulnerability, CVE-2020-1457, is rated as important and could allow attackers to execute arbitrary code on vulnerable systems. "Exploitation of the vulnerability requires that a program process a specially crafted image file," Microsoft wrote in both the advisories.

According to SearchSecurity, the vulnerabilities were reported to Microsoft in March by Abdul-Aziz Hariri, vulnerability analysis manager with Trend Micro's Zero Day Initiative.

"The vulnerabilities exist within the parsing of HEIC (High Efficiency Image File Format) images. The vulnerabilities are out of bound writes. Exploitation should not be terribly hard. They do require a certain level of user-interaction (opening a file or visiting a website)," Hariri wrote in an email to SearchSecurity.

Microsoft said customers do not need to take any action to receive the update and that affected customers will be automatically updated.

Read the article by SearchSecurity here.

Your Security is our Priority

Your friendly Support Team

Speak to us about all your computer needs

This is Part of our Cyber Security awareness educational campaign. Through this training, you will learn awareness and key principles, and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.