MADRID, 1 Jul. (Portaltic/EP) –
Microsoft has released a security update to fix two vulnerabilities present in the Windows 10 codec library that cyber criminals could exploit by using altered images.
The vulnerabilities, which Microsoft has recognized on its security website, are known as CVE-2020-1425 and CVE-2020-1457 and expose users to Windows 10 and Windows Server variant to code execution remotely and get information that could compromise the operation of the system.
The bugs, discovered by cybersecurity company Trend Micro, were present in the Windows codec library and in the way that this component of the Microsoft system manages objects in memory.
In order to exploit the vulnerabilities, the criminals had to carry out a special process to create a malicious image that could compromise the system. However, Microsoft has not discovered that ‘hackers’ have exploited this problem so far.
The update precisely fixes the vulnerability by correct the way the Windows codec library manages memory.
The patch has been automatically released through the Microsoft Store on the systems Windows 10 (versions 1709, 1803, 1809, 1903, 1909 and the latest, 2004) and in Windows Server 2019 (versions 1803, 1903, 1909 and 2004).
–
