HomeWinBuzzer NewsMicrosoft Confirms Windows Codecs Library Zero-Day Flaws

Microsoft Confirms Windows Codecs Library Zero-Day Flaws

Microsoft has confirmed two Windows 10 vulnerabilities related to Windows Codecs Library and is working on a fix.

-

has confirmed a pair of bugs affecting machines. Specifically, the company says it has found some security problems in the Codecs Library. This issue leaves both Windows 10 Server and Windows 10 client versions vulnerable.

In a security bulletin, Microsoft describes two flaws in Windows Codecs Library. The company points out both are remote code execution vulnerabilities. Unlike a spate of recent Windows problems, these flaws are not only related to Windows 10 May 2020 Update (version 2004).

Microsoft says the vulnerabilities are affecting all Windows 10 versions from build 1709 and onwards. They also affect the Windows 10 Server 2019 and version 2004 Core.

Below are the two vulnerabilities:

  • CVE-2020-1425 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
  • CVE-2020-1457 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability

“A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system.”

Details

Microsoft says the flaws were disclosed privately.

Both bugs can be exploited by a bad actor if they create a specially made image file and trick a victim into opening it on a target PC. There are no current workarounds available for either flaw. However, Microsoft has rolled out an update that plugs the security gap.

That update was sent out today automatically to users. Microsoft says the update came from the Microsoft Store app for the Codecs Library so is not available through .

Either way, users don't have to do anything because the updates will install on their own.

ViaMSPU
SourceMicrosoft
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News