Tuesday, September 10, 2024
HomeCVE/vulnerabilityMicrosoft Released Emergency Security Updates for Windows 10 to Fix Remote Code...

Microsoft Released Emergency Security Updates for Windows 10 to Fix Remote Code Execution Bugs

Published on

Microsoft has released an emergency security updates for critical vulnerabilities that allow attackers to execute arbitrary code on the vulnerable machine.

The vulnerability rated as critical and it resides in Microsoft Windows Codecs Library that handles objects in the memory.

The out-of-band security updates fix the critical-severity flaw (CVE-2020-1425) and important-severity vulnerability (CVE-2020-1457).

- Advertisement - EHA

CVE-2020-1425 & CVE-2020-1457

The vulnerability can be exploited by an attacker if the user opens the malicious images inside apps that utilize the built-in Windows Codecs Library to handle multimedia content.

This would allow an attacker to run malicious code on the vulnerable machine and to take control over the machine.

Now Microsoft patched the issue by “correcting how Microsoft Windows Codecs Library handles objects in memory.”

The affected customers will get automatically updated by Microsoft Store. so no user action is required. Microsoft said “this vulnerability affects only HEVC(High-Efficiency Video Coding) or “HEVC from Device Manufacturer” media codecs from Microsoft Store may be vulnerable.”

Also, customers can manually download the updates or check for the updates with Microsoft Store App; more details can be found here.

Once the updates are completed, users can check for the version, Settings >> Apps & Features and select HEVC >> Advanced Options, there you can see the version of the apps. The secure versions are 1.0.31822.0, 1.0.31823.0 and later.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Also Read

Microsoft Released a Largest-Ever Security Patch with the Fixes For 129 Vulnerabilities – Update Now

Microsoft Defender ATP Antivirus is now Available For Android Users in Public Preview

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Chinese Hackers Using Open Source Tools To Launch Cyber Attacks

Three Chinese state-backed threat groups, APT10, GALLIUM, and Stately Taurus, have repeatedly employed a...

Small Business, Big Threats: INE Security Launches Initiative to Train SMBs to Close a Critical Skills Gap

As cyber threats grow, small to medium-sized businesses (SMBs) are disproportionately targeted. According to...

Researchers Details Attacks On Air-Gaps Computers To Steal Data

The air-gap data protection method isolates local networks from the internet to mitigate cyber...

Beware Of Malicious Chrome Extension That Delivers Weaponized ZIP Archive

In August 2024, researchers detected a malicious Google Chrome browser infection that led to...

Free Webinar

Decoding Compliance | What CISOs Need to Know

Non-compliance can result in substantial financial penalties, with average fines reaching up to $4.5 million for GDPR breaches alone.

Join us for an insightful panel discussion with Chandan Pani, CISO - LTIMindtree and Ashish Tandon, Founder & CEO – Indusface, as we explore the multifaceted role of compliance in securing modern enterprises.

Discussion points

The Role of Compliance
The Alphabet Soup of Compliance
Compliance
SaaS and Compliance
Indusface's Approach to Compliance

More like this

CISA Issues Warning About Three Actively Exploited Vulnerabilities in the Wild

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about three...

Akira Ransomware Actively Exploiting SonicWall firewall RCE Vulnerability

SonicWall disclosed a critical remote code execution vulnerability (CVE-2024-40766) in SonicOS on August 22nd,...

IBM webMethods Integration Server Vulnerabilities Exposes Systems to Arbitrary Command Execution

Critical vulnerabilities have been identified, potentially exposing systems to arbitrary command execution.These vulnerabilities,...