Microsoft has released an emergency out-of-band security update, which resolves two serious vulnerabilities in the Windows Codecs Library. The Redmond-based software giant has rolled out the update via Windows Store app. The bugs impact Windows 10 and Windows Server 2019 distributions with the tracking code CVE-2020-1425 & CVE-2020-1457. The bug was reported by Trend Micro’s Zero Day Initiative, which is a program between security researchers and larger companies.
According to Microsoft, the new security flaws can be easily exploited with the help of a specially crafted image file. The security bug has been designed in such a way to run malicious code on a Windows computer including the possible take over of the device.
The attacker could comprise the system only if the malformed images are opened inside those apps that make use of the integrated Windows Codecs Library. The two bugs that are described as Remote Code Execution (RCW) security vulnerability have been rectified with the update.
Microsoft hs delivered the patches via an update to the Windows Codecs Library via Windows Store app. As a surprise, the update is not rolled out via the standard Windows Update system. The company revealed that customers need not have to perform any action to receive the update.