Fri. Aug 14th, 2020

CVE-2020-1457/1425: Microsoft Windows Codecs Library Remote Code Execution Vulnerability Alert

1 min read

On June 30, 2020, Microsoft officially released a risk notification for the Microsoft Windows Codecs library remote code execution Vulnerability The vulnerability numbers are CVE-2020-1457 [1] and CVE-2020-1425 [2], and the vulnerability level is serious. Windows Codecs Library is one of the audio and video file codecs.

There is a remote code execution vulnerability in the way that the Microsoft Windows codec library handles objects in memory. An attacker can use this vulnerability to execute arbitrary code with the help of a specially crafted image file.
Windows 10 Insider Preview Build 19577

Affected version

  • Windows 10/Server version 1709 and newer
  • Windows Server 2019

Solution

In this regard, we recommend that users install the latest patches in a timely manner. Users can check for updates on their own through the Microsoft Store App.

  • On the taskbar, select Microsoft Store  to open it.
  • If you don’t see Microsoft Store  on the taskbar, it might have been unpinned. Here’s how to find it: In the search box on the taskbar, enter Microsoft Store, then select it from the list.
  • After you’ve opened Microsoft Store, select More  > Downloads and updates > Get updates.