Tuesday Microsoft published two out-of-band security updates to patch two vulnerabilities in the Microsoft Windows Codecs Library, reports ZDNet:
Tracked as CVE-2020-1425 & CVE-2020-1457, the two bugs only impact Windows 10 and Windows Server 2019 distributions… Microsoft said the two security flaws can be exploited with the help of a specially crafted image file. If the malformed images are opened inside apps that utilize the built-in Windows Codecs Library to handle multimedia content, then attackers would be allowed to run malicious code on a Windows computer and potentially take over the device. The two bugs – described as two remote code execution vulnerabilities – received patches Wednesday.
“Customers do not need to take any action to receive the update,” Microsoft said.