Microsoft released software updates on June 30 to patch two high-risk security vulnerabilities affecting users of Windows 10 and Server editions. Both flaws likely reside in the Windows Codec Library.
The two newly disclosed security vulnerabilities, assigned CVE-2020-1425 and CVE-2020-1457, are remote code execution bugs that could allow an attacker to execute arbitrary code and control the compromised Windows computer.
However, exploiting either flaw requires an attacker to trick a user running an affected Windows system into clicking on a specially crafted image file so that it opens with any application that uses the built-in Windows codec library.
CVE-2020-1425 is more critical because successful exploitation could even allow an attacker to harvest data to further compromise the affected user’s system.
The second vulnerability, tracked as CVE-2020-1457, has been rated as important and could allow an attacker to execute arbitrary code on an affected Windows system.
However, neither vulnerability had been reported as publicly known or actively exploited by hackers at the time Microsoft released the emergency patches.
According to the warnings, Abdul-Aziz Hariri of Trend Micro’s Zero Day Initiative informed Microsoft of both vulnerabilities, which affect the following operating systems:
Since Microsoft is not aware of any solutions or mitigating factors for these vulnerabilities, Windows users are advised to deploy the new patches before attackers start exploiting the issues and compromising their systems.
Source: https://thehackernews.com/2020/07/windows-security-update.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+TheHackersNews+%28The+Hackers+News+-+Cyber+Security+Blog%29&_m=3n.009a.2264.pq0ao0e48j.1f7i