Hackers can use specially crafted images to hack your Windows 10 PC/laptop and server using CVE-2020-1425 & CVE-2020-1457 flaws
An booby-trapped image can be used to hack into your Windows 10 PC/laptop or Windows 10 Server. Security researcher, Abdul-Aziz Hariri from Trend Micro’s Zero Day Initiative discovered two vulnerabilities in the way Windows 10 encodes and decodes images which could be used by potential hackers to remotely take control of your PC/laptop and server.
The high-severity bugs were sent to the Windows 10 security team who acknowledged the criticality of these flaws and issued an emergency update to patch them. The two flaws have been given unique identifiers CVE-2020-1425 & CVE-2020-1457 and have high severity score of 7.
Microsoft’s Windows 10 security bulletin says that there were two critical security holes in the Windows Codecs Library. These could be easily exploited by potential hackers by sending a specially crafted image to the victim. The images just need to be opened on the Windows 10 PC/laptop or server inside any app. Once the malformed image is loaded using built-in Windows Codecs Library to handle multimedia content, it could allow potential hackers to run malicious code (Remote Code Execution) on the Windows 10 computer and potentially take over the device.
After Hariri’s discovery, Microsoft immediately swung into action and released the patch for the two remote code execution (RCE) vulnerabilities earlier today. Microsoft said that there was no need for customers to take any action as the patches have been deployed to customer systems via an update to the Windows Codecs Library, delivered through the Windows Store app.
If you are not sure whether your Windows 10 PC/laptop or server has been patched against these two RCE bugs, you should do the following :
- On the taskbar, select Microsoft Store to open it.
- If you don’t see Microsoft Store on the taskbar, it might have been unpinned. Here’s how to find it: In the search box on the taskbar, enter Microsoft Store, then select it from the list.
- After you’ve opened Microsoft Store, select More > Downloads and updates > Get updates.
The Windows Store will automatically update your Windows Codecs Library.