Microsoft Emergency Patches Fix Windows Codecs Flaws

Microsoft has released patches for two vulnerabilities affecting the Windows 10 Codecs Library that could allow the execution of unwanted code if exploited.

The first vulnerability, disclosed as CVE-2020-1425, is marked critical, meaning that, if exploited, hackers could use the vulnerability to obtain information to further compromise the targeted system, as Microsoft wrote on the vulnerability's disclosure page.

The second disclosed vulnerability, CVE-2020-1457, is rated as important and could allow attackers to execute arbitrary code on vulnerable systems. "Exploitation of the vulnerability requires that a program process a specially crafted image file," Microsoft wrote in both advisories.

According to SearchSecurity, the vulnerabilities were reported to Microsoft in March by Abdul-Aziz Hariri, vulnerability analysis manager with Trend Micro's Zero Day Initiative.

"The vulnerabilities exist within the parsing of HEIC (High Efficiency Image File Format) images. The vulnerabilities are out of bound writes. Exploitation should not be terribly hard. They do require a certain level of user-interaction (opening a file or visiting a website)," Hariri wrote in an email to SearchSecurity.

Microsoft said customers do not need to take any action to receive the update and that affected customers will be automatically updated.

Read the article by SearchSecurity here.
