Monday, May 19, 2025
HomeCVE/vulnerabilityMicrosoft Released Emergency Security Updates for Windows 10 to Fix Remote Code...

Microsoft Released Emergency Security Updates for Windows 10 to Fix Remote Code Execution Bugs

Published on

SIEM as a Service

Follow Us on Google News

Microsoft has released an emergency security updates for critical vulnerabilities that allow attackers to execute arbitrary code on the vulnerable machine.

The vulnerability rated as critical and it resides in Microsoft Windows Codecs Library that handles objects in the memory.

The out-of-band security updates fix the critical-severity flaw (CVE-2020-1425) and important-severity vulnerability (CVE-2020-1457).

- Advertisement - Google News

CVE-2020-1425 & CVE-2020-1457

The vulnerability can be exploited by an attacker if the user opens the malicious images inside apps that utilize the built-in Windows Codecs Library to handle multimedia content.

This would allow an attacker to run malicious code on the vulnerable machine and to take control over the machine.

Now Microsoft patched the issue by “correcting how Microsoft Windows Codecs Library handles objects in memory.”

The affected customers will get automatically updated by Microsoft Store. so no user action is required. Microsoft said “this vulnerability affects only HEVC(High-Efficiency Video Coding) or “HEVC from Device Manufacturer” media codecs from Microsoft Store may be vulnerable.”

Also, customers can manually download the updates or check for the updates with Microsoft Store App; more details can be found here.

Once the updates are completed, users can check for the version, Settings >> Apps & Features and select HEVC >> Advanced Options, there you can see the version of the apps. The secure versions are 1.0.31822.0, 1.0.31823.0 and later.

You can follow us on Linkedin, Twitter, Facebook for daily Cybersecurity and hacking news updates.

Also Read

Microsoft Released a Largest-Ever Security Patch with the Fixes For 129 Vulnerabilities – Update Now

Microsoft Defender ATP Antivirus is now Available For Android Users in Public Preview

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

VMware ESXi, Firefox, Red Hat Linux & SharePoint Hacked – Pwn2Own Day 2

Security researchers demonstrated their prowess on the second day of Pwn2Own Berlin 2025, discovering...

Critical WordPress Plugin Flaw Puts Over 10,000 Sites of Cyberattack

A serious security flaw affecting the Eventin plugin, a popular event management solution for...

Sophisticated NPM Attack Leverages Google Calendar2 for Advanced Communication

A startling discovery in the npm ecosystem has revealed a highly sophisticated malware campaign...

New Ransomware Attack Targets Elon Musk Supporters Using PowerShell to Deploy Payloads

A newly identified ransomware campaign has emerged, seemingly targeting supporters of Elon Musk through...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Windows 10 KB5058379 Update Causes PCs to Enter Recovery Mode and Prompt for BitLocker Key

Security update KB5058379 for Windows 10, released in May 2025, is causing significant technical...

APT Group 123 Targets Windows Systems in Ongoing Malicious Payload Campaign

Group123, a North Korean state-sponsored Advanced Persistent Threat (APT) group also known by aliases...

Pwn2Own Day 1 – Windows 11, Red Hat Linux, & Oracle VirtualBox Hacked

Security researchers successfully illustrated significant vulnerabilities across several platforms on the first day of...