Microsoft has released emergency security updates for critical vulnerabilities that allow attackers to execute arbitrary code on a vulnerable machine.
The vulnerabilities are rated critical and reside in the way the Microsoft Windows Codecs Library handles objects in memory.
CVE-2020-1425 & CVE-2020-1457
The vulnerability can be exploited if a user opens a malicious image inside an app that uses the built-in Windows Codecs Library to handle multimedia content.
This would allow an attacker to run malicious code on the vulnerable machine and to take control over the machine.
Microsoft has now patched the issue by “correcting how Microsoft Windows Codecs Library handles objects in memory.”
Affected customers will be updated automatically through the Microsoft Store, so no user action is required. Microsoft said, “this vulnerability affects only HEVC (High-Efficiency Video Coding) or “HEVC from Device Manufacturer” media codecs from Microsoft Store may be vulnerable.”
Customers can also download the updates manually or check for updates with the Microsoft Store app; more details can be found here.
Once the update has completed, users can check the installed version: go to Settings >> Apps & Features, select HEVC >> Advanced Options, and the version of the app is shown there. The secure versions are 1.0.31822.0, 1.0.31823.0 and later.
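
The same version check can be scripted for hosts where clicking through Settings is impractical. The PowerShell below is an added example, not code from Microsoft or from the original article; the package name pattern `Microsoft.HEVCVideoExtension*` and the function names are assumptions, and the threshold is the lowest fixed version listed above.

```powershell
# Added example: audit installed HEVC codec packages against the fixed
# versions named in the article (1.0.31822.0, 1.0.31823.0 and later).
# Assumption: the Store packages match 'Microsoft.HEVCVideoExtension*';
# the article does not give the package name.
$MinFixed = [version]'1.0.31822.0'   # lowest fixed version listed in the article

function Test-HevcPatched {
    # True when the installed version is at or above the fixed version.
    param(
        [Parameter(Mandatory)][version]$Installed,
        [version]$Minimum = $MinFixed
    )
    return $Installed -ge $Minimum
}

function Get-HevcCodecStatus {
    # -AllUsers needs an elevated session; Store apps are registered per
    # user, so the same package can appear once per profile.
    $packages = Get-AppxPackage -AllUsers -Name 'Microsoft.HEVCVideoExtension*' `
        -ErrorAction SilentlyContinue
    foreach ($pkg in $packages) {
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Package  = $pkg.Name
            Version  = $pkg.Version
            Patched  = Test-HevcPatched -Installed ([version]$pkg.Version)
        }
    }
}

$status = @(Get-HevcCodecStatus)
if ($status.Count -eq 0) {
    # Only the Store HEVC codecs are affected, so an absent package is a pass.
    Write-Output 'No HEVC codec package matched the (assumed) name pattern.'
} else {
    $status | Format-Table -AutoSize
    # Non-zero exit lets compliance tooling flag hosts still awaiting the update.
    if ($status | Where-Object { -not $_.Patched }) { exit 1 }
}
```

Because the fix is delivered through the Microsoft Store rather than Windows Update, a host that fails this check usually has Store updates disabled or blocked.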