Microsoft released two out-of-band security patches to address remote code execution vulnerabilities affecting Windows 10 Codecs Library, weeks ahead of the next Patch Tuesday when the company typically releases updates.
The first codecs vulnerability, disclosed as CVE-2020-1425, was rated critical. If an attacker successfully exploited the flaw, they “could obtain information to further compromise the user’s system,” Microsoft wrote in the advisory.
The second vulnerability, CVE-2020-1457, was rated important and could allow attackers to executive arbitrary code on vulnerable systems. “Exploitation of the vulnerability requires that a program process a specially crafted image file,” Microsoft wrote in both the advisories.
Microsoft said customers do not need to take any action to receive the update and that affected customers will be automatically updated.
By Arielle Waldman