Act now – emergency update for Windows 10

By Euan Henderson

Cyber Security Apprentice

Microsoft has released two out-of-band emergency security updates after two remote code execution vulnerabilities were found within the Windows Codecs Library.

Both CVE-2020-1425 and CVE-2020-1457 concern a maliciously crafted large image file that, due to how the Windows Codecs Library handles objects in memory, can compromise the Windows 10 system.

The patch for this is being pushed out automatically via the Microsoft Store if automatic updates have been enabled.

Whilst this may put many minds at rest, it is recommended that the patch be installed as soon as possible rather than waiting for the automatic updates to be installed, due to the severity and potential impact of this exploit.

To carry this out, go to the Microsoft Store app and check for updates. There are currently no mitigations or workarounds for this vulnerability.

As many of you will know, the Cyber Essentials standard has a set of guidelines for the patching of machines against this type of vulnerability. Critical vulnerability patches must be installed within 14 days to mitigate the potential of exploitation.

For more information and a complete list of all operating systems affected, please visit:

https://www.forbes.com/sites/daveywinder/2020/07/01/one-large-image-could-compromise-windows-10-emergency-security-update-confirmed-crtitical-microsoft-vulnerability/#844fbf3e3fd1