Microsoft is rolling out patch updates for Windows 10 users two weeks ahead of the regular patch cycle. The emergency updates carry patch files for vulnerabilities that exploit the way Windows Codecs Library handles objects in memory.
This exploit allows hackers to take control of the user’s computer by using a crafted image file and running arbitrary code. Of course, the user will have to launch the file in order to give hackers control.
The security flaws dubbed CVE-2020-1425 and CVE-2020-1457 were first reported by Trend Micro Zero Day Initiative security researcher Abdul-Aziz Hariri, and since then, the company took swift action to resolve the flaw.
According to Microsoft, since the flaws were not publicly revealed prior to sending the patch files, the chances of exploitation were low. However, the company didn’t want to take any chances and hurried to patch the vulnerabilities that affected both platforms, i.e., Windows 10 and Windows Server operating systems.
Although the update consisting of the patch file has been rolled out automatically and will reach all the Windows 10 devices globally soon, you can also manually download the update from the Microsoft Store in the forms of patches.
Microsoft has also revealed the list of the versions of operating systems that suffered from this issue, these include:
- Windows 10 version 1709
- Windows 10 version 1803
- Windows 10 version 1809
- Windows 10 version 1903
- Windows 10 version 1909
- Windows 10 version 2004
- Windows Server 2019
- Windows Server version 1803
- Windows Server version 1903
- Windows Server version 1909
- Windows Server version 2004