Microsoft Issues Out-of-Band Patches for RCE Flaws

Published: 23/11/2024   Category: security




Vulnerabilities had not been exploited or publicly disclosed before fixes were released, Microsoft reports.



Microsoft has released two out-of-band security patches for remote code execution (RCE) flaws in the Windows Codecs Library. The vulnerabilities affect both Windows 10 and Windows Server 2019.
Windows Codecs Library provides support for different photo and video file formats so software developers can support the media file formats their users expect. A critical flaw in the Codecs Library could affect several software programs at the same time, including browsers, document viewers, video editors, and image gallery tools, Sophos explains in a blog post.
CVE-2020-1425, categorized as critical, and CVE-2020-1457, categorized as important, both exist in the way the Windows Codecs Library handles objects in memory, Microsoft says in its advisory. Exploitation for both bugs requires a program to process a specially crafted image file.
If exploited, CVE-2020-1425 could allow an attacker to obtain information that would let them further compromise a system. CVE-2020-1457 could enable someone to execute arbitrary code. Neither vulnerability was publicly known or exploited prior to the patches released this week, and Microsoft has not disclosed why it didn't wait until Patch Tuesday to deploy these fixes.
The updates released today address these flaws by correcting how the Windows Codecs Library handles objects in memory. Customers affected will be automatically updated via the Microsoft Store and don't need to take any action, the company says.
Read more details about both flaws here.
