The two vulnerabilities: CVE-2020-1425, rated critical, and CVE-2020-1457
Microsoft has released two security updates that address two vulnerabilities, CVE-2020-1425 and CVE-2020-1457, in the Windows Codecs Library on Windows 10 and Windows Server versions.
In both cases, a remote code execution issue was found, caused by the way the Microsoft Windows Codecs Library handles objects in memory.
Abdul-Aziz Hariri, a vulnerability analysis manager at Trend Micro’s Zero Day Initiative, was the first to report these two vulnerabilities, CVE-2020-1425 and CVE-2020-1457, to Microsoft.
By exploiting CVE-2020-1425, attackers could obtain information to compromise the user’s device. Successful exploitation of CVE-2020-1457 can lead to arbitrary code execution on the target device. Exploiting either vulnerability requires a program to process a specially crafted image file.
These vulnerabilities were addressed by the two out-of-band security updates “by correcting how Microsoft Windows Codecs Library handles objects in memory,” said Microsoft.
Systems affected by these vulnerabilities include Windows 10 version 1709 or later desktop platforms, Windows Server 2019 and several Windows Server versions.
Microsoft says it has not identified any mitigations or workarounds for these vulnerabilities. It explains:
“Affected customers will be automatically updated by Microsoft Store. Customers do not need to take any action to receive the update. Alternatively, customers who want to receive the update immediately can check for updates with the Microsoft Store App.”