
Patch Now! Two Out-of-Band Patches Fix RCE in Windows


Late Tuesday night, Microsoft released two out-of-band patches addressing two remote code execution (RCE) vulnerabilities. Microsoft rates both vulnerabilities as less likely to be exploited; CVE-2020-1425 has a severity rating of Critical, and CVE-2020-1457 is rated Important. Neither vulnerability had been exploited or publicly disclosed before this release.

Microsoft has shared no further details about the two vulnerabilities or about why the patches were released out of band, ahead of the July Patch Tuesday. Both patches are available for Windows 10, Windows Server 2019, and Windows Server core installations.

To successfully exploit either vulnerability, an attacker would need to deliver a specially crafted image file, such as a JPG, TIFF, or PNG, and convince the targeted victim to open it. Data hidden within the image would then be processed by the image rendering program, executing arbitrary code on the endpoint. This code could be used to install a backdoor, allowing an attacker to modify user credentials, execute more code, or move laterally through the corporate network.

  • CVE-2020-1425 : Microsoft Windows Codecs Library Remote Code Execution Vulnerability

  • CVE-2020-1457 : Microsoft Windows Codecs Library Remote Code Execution Vulnerability

Your Plan of Attack? Update and Patch Now!

The most effective way to keep Windows fully secure and up-to-date is to patch now and patch automatically. Applying patches for your operating systems and third-party apps as soon as they become available is the best way to prevent an exploit. These out-of-band patches are available through the Windows Store and not through the traditional methods of patch deployment. Impacted customers should receive the update automatically, but to make sure your machine has received this and other Microsoft Store updates, follow the directions here.

Automox for Easy IT Operations

Automox is the cloud-native IT operations platform for modern organizations. It makes it easy to keep every endpoint automatically configured, patched, and secured – anywhere in the world. With the push of a button, IT admins can fix critical vulnerabilities faster, slash cost and complexity, and win back hours in their day. 

Grab your free trial of Automox and join thousands of companies transforming IT operations into a strategic business driver.
