CVE-2020-1457/1425: Microsoft Windows Codecs Library Remote Code Execution Vulnerability Alert
On June 30, 2020, Microsoft officially released a risk notification for the Microsoft Windows Codecs library remote code execution Vulnerability The vulnerability numbers are CVE-2020-1457 [1] and CVE-2020-1425 [2], and the vulnerability level is serious. Windows Codecs Library is one of the audio and video file codecs.
There is a remote code execution vulnerability in the way that the Microsoft Windows codec library handles objects in memory. An attacker can use this vulnerability to execute arbitrary code with the help of a specially crafted image file.
Affected version
- Windows 10/Server version 1709 and newer
- Windows Server 2019
Solution
In this regard, we recommend that users install the latest patches in a timely manner. Users can check for updates on their own through the Microsoft Store App.
- On the taskbar, select Microsoft Store to open it.
- If you don’t see Microsoft Store on the taskbar, it might have been unpinned. Here’s how to find it: In the search box on the taskbar, enter Microsoft Store, then select it from the list.
- After you’ve opened Microsoft Store, select More > Downloads and updates > Get updates.
