Microsoft rolls out emergency updates to fix Security flaws on Windows 10

Microsoft rolls out emergency updates to fix Security flaws on Windows 10

Microsoft has recently rolled out two emergency updates that fix certain security flaws in its Windows 10 and Windows Server operating systems. This update arrives just two weeks earlier than its regular Tuesday Patch cycle.

According to Microsoft, the flaws had not been publicly revealed so its chances of exploitation were low, but regardless, the company hurried to patch the vulnerabilities that affected both platforms rather than waiting for the July 14 update cycle. The security flaws in question have been labeled as CVE-2020-1425 and CVE-2020-1457, which allow exploiters to execute arbitrary code and take control of the affected computer.

Apparently, these flaws existed due to the way Windows Codecs Library handles objects in memory. In other words, a potential attacker could hack into a system by using a crafted image file that would need to launch on the targeted computer. The company also revealed the list of the versions of operating systems that suffered from this issue, which includes:

• Windows 10 version 1709
• Windows 10 version 1803
• Windows 10 version 1809
• Windows 10 version 1903
• Windows 10 version 1909
• Windows 10 version 2004
• Windows Server 2019
• Windows Server version 1803
• Windows Server version 1903
• Windows Server version 1909
• Windows Server version 2004

The security flaws were first reported to the company by Trend Micro Zero Day Initiative security researcher Abdul-Aziz Hariri. Users can now download the update from the Microsoft Store in the forms of patches that will update the Windows Media Codec. Although, these updates have been sent out automatically as well.

Source: gizmochina