Late Tuesday night, Microsoft released two out-of-band patches addressing two remote code execution (RCE) vulnerabilities. While both vulnerabilities are less likely to be exploited according to Microsoft, CVE-2020-1425 does have a severity rating of Critical, while CVE-2020-1457 is rated Important. Neither vulnerability has been exploited or publicly disclosed before this release.
No further details have been shared by Microsoft surrounding the two vulnerabilities or as to why they have been released out of band and ahead of the July Patch Tuesday. Both of these patches are available for Windows 10, Windows Server 2019, and Windows Server core installations. To successfully exploit this vulnerability, an attacker would need to deliver a specially crafted image file, like a JPG or TIFF or PNG, and convince the targeted victim to open the file. Data hidden within the image would then be processed by the image rendering program, executing arbitrary code on the endpoint. This code could be used to install a backdoor, allowing an attacker to modify user credentials, execute more code, or navigate laterally through the corporate network.
CVE-2020-1425 : Microsoft Windows Codecs Library Remote Code Execution Vulnerability
CVE-2020-1457 : Microsoft Windows Codecs Library Remote Code Execution Vulnerability
Your Plan of Attack? Update and Patch Now!
The most effective way to keep Windows fully secure and up-to-date is to patch now and patch automatically. Applying patches for your operating systems and third-party apps as soon as they become available is the best way to prevent an exploit. These out-of-band patches are available through the Windows Store and not through the traditional methods of patch deployment. Impacted customers should receive the update automatically, but to make sure your machine has received this and other Microsoft Store updates, follow the directions here.
About Automox Automated Patch Management
Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes aperture of attack by more than 80% with just half the effort of traditional solutions.
Cloud-based and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.
Experience modern, cloud-based patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.