Microsoft has notified that it’s found some security issues in the Microsoft Windows Codecs Library, affecting both Windows client versions and the Windows 10 Server versions. The software giant has posted details about the security issues and as per the details shared by the company, these are remote code execution vulnerabilities.
Windows 10 Version 1709 and later(both 32-bit and 64-bit), Windows Server 2019, Windows Server version 2004 Core are affected. In order to be able to exploit the bug, an attacker will need to create a specially crafted image file and get it opened on a target system(via Ghacks).
You can read the details that Microsoft posted about the vulnerabilities below.
- CVE-2020-1425 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
- CVE-2020-1457 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
However, what’s worse is the fact that there are no workarounds available to mitigate these security issues. Nevertheless, an update has been created to address the security issues, but we don’t exactly know as to when it’ll be available for the public to download it via Windows Update. Though, the company clarified that users don’t have to do anything to get the update as it’ll automatically be available via Windows Update.