Microsoft Releases New Update to Patch Dangerous Vulnerabilities
Microsoft rushed to deliver patches almost two weeks before the upcoming monthly 'Patch Tuesday Updates' scheduled for 14th July.
Researchers also found this vulnerabilities (both) residing in the Windows Codecs Library, this vulnerability could have made an easy attack vector to social engineer victims into running malicious media files downloaded from the Internet.
For those who don't know what Codecs is, Codecs is a collection of support libraries that helps Windows operating system to play, compress and decompress various audio and video file extensions.
These two newly disclosed security vulnerabilities, which is assigned CVE-2020-1425 and CVE-2020-1457, are said to be a remote code execution bugs that could allow an attacker to execute arbitrary codes and control the compromised Windows computer.
Microsoft also disclosed that, both remote code execution vulnerabilities habitat in the Microsoft Windows Codecs library handles objects in memory.
For those who don't know what Codecs is, Codecs is a collection of support libraries that helps Windows operating system to play, compress and decompress various audio and video file extensions.
These two newly disclosed security vulnerabilities, which is assigned CVE-2020-1425 and CVE-2020-1457, are said to be a remote code execution bugs that could allow an attacker to execute arbitrary codes and control the compromised Windows computer.
Microsoft also disclosed that, both remote code execution vulnerabilities habitat in the Microsoft Windows Codecs library handles objects in memory.
How Hacker can exploit this vulnerabilities
It is also disclosed, for an hacker to be able to exploit these flaws he/she requires to trick a user that's running an affected Windows system by only clicking on a specially crafted image file, which is designed to be opened with any app that uses the built-in Windows Codec Library.
Out of both, the vulnerability CVE-2020-1425 is said to be more critical because the successful exploitation could easily allow an attacker even to harvest data to compromise the affected user's system further.
However, the second vulnerability tracked as CVE-2020-1457, was rated as important and could easily make an attacker to execute arbitrary code on an affected Windows system.
The good news is, although these vulnerabilities has been patched but none of the security vulnerabilities has been reported as being publicly known or actively exploited in the wild by hackers at the time Microsoft released emergency patches.
The good news is, although these vulnerabilities has been patched but none of the security vulnerabilities has been reported as being publicly known or actively exploited in the wild by hackers at the time Microsoft released emergency patches.
Advisories also disclosed, both vulnerabilities were reported to Microsoft by Abdul-Aziz Hariri of Trend Micro's Zero Day Initiative and affect the following operating systems:
Microsoft has also advised its users to update their system to actively protect themselves from the attack or before attackers start exploiting the issues and compromise their systems.
However, the company has started rolling out the out-of-band security updates through the Microsoft Store, so the affected users will be automatically updated without requiring any further action.
Alternatively, it is advisable to update your system rather than waiting for a few more hours or a day, you can immediately install patches by checking for new updates through the Microsoft Store.
- Windows 10 version 1709
- Windows 10 version 1803
- Windows 10 version 1809
- Windows 10 version 1903
- Windows 10 version 1909
- Windows 10 version 2004
- Windows Server 2019
- Windows Server version 1803
- Windows Server version 1903
- Windows Server version 1909
- Windows Server version 2004
Microsoft has also advised its users to update their system to actively protect themselves from the attack or before attackers start exploiting the issues and compromise their systems.
However, the company has started rolling out the out-of-band security updates through the Microsoft Store, so the affected users will be automatically updated without requiring any further action.
Alternatively, it is advisable to update your system rather than waiting for a few more hours or a day, you can immediately install patches by checking for new updates through the Microsoft Store.
You have anything to say? Drop a comment below and Subscribe to our website
About Abdullahi Abdulmalik
No comments