Microsoft releases emergency security update to fix security vulnerability in Windows 10/Server

Microsoft released two emergency security updates today due to a security vulnerability found in Windows 10 and Windows Server. Microsoft said the two vulnerabilities, though not publicly disclosed, are less likely to be exploited by hackers, but the company is not waiting until the July 14 patch issue released this update.

Microsoft releases emergency security update to fix security vulnerability in Windows 10/Server

Microsoft releases emergency security update to fix security vulnerability in Windows 10/Server

Microsoft detailed these two remote code execution vulnerabilities in CVE-2020-1425 and CVE-2020-1457, allowing an attacker to execute arbitrary code and take control of the compromised computer. Microsoft says these flaws exist in the way the Windows Codecs library processes in-memory objects, and that carefully crafted images can gain permissions on the target device.

“There is a remote code execution vulnerability in the way Microsoft Windows Codecs Library handles objects in memory,” Microsoft wrote in a security bulletin. An attacker who successfully exploits the vulnerability can obtain information that further compromises the user’s system. “

It is understood that the affected version of Windows includes

Windows 10 version 1709

Windows 10 version 1803

Windows 10 version 1809

Windows 10 version 1903

Windows 10 version 1909

Windows 10 version 2004

Windows Server 2019

Windows Server version 1803

Windows Server version 1903

Windows Server version 1909

Windows Server Version 2004