Update Your Windows OS Immediately: Microsoft

Must Read

Skeletons in the Closet? Google-Facebook Involved in Secret Online Advertising Deal

If you can’t beat ‘em, join ‘em. And when two titans happen to decide upon an alliance,...

Smartphone Resale Value: Depreciation Is Surprising Enough [REPORT]

It's a tad cliché and true that smartphones have permeated every sphere of our life. The ceaseless...

“Open Up Cambridge Analytica, It’s CBI At the Door!”

Among all the establishments ensnared in deplorable acts, Cambridge Analytica has steadily climbed the ladder of infamy....

The mandate is clear from Microsoft; you must update Windows OS immediately!

Microsoft Corp (NASDAQ: MSFT), as of late, has been pushing out many updates for fixing faulty updates and security loopholes almost every single month. Thus, it is no longer surprising when the company announces the release of yet another update for Windows OS. This time, however, Microsoft, in order to fix some very critical bugs, managed to push out not one but two simultaneous security updates without any announcements as such.

These security updates released via Microsoft fixes remote code execution bugs in the Microsoft Windows Codecs Library which is something that handles how the operating system happens to compress big multimedia files like photos and videos and then decodes them for playback within various applications. The company, according to ZDnet, happened to credit a security researcher named Abdul-Aziz Hariri Microsoft for identifying the flaws and then reporting them to Trend Micro’s Zero Day Initiative (ZDI).

Advertisements

Both of these out-of-band updates which address a critical-severity flaw CVE-2020-1425 and an important-severity vulnerability CVE-2020-1457 were recorded to have been sent out via Windows Update on Tuesday night. They will affect several versions of Windows 10 and Windows Server 2019.

According to the updates, both vulnerabilities in Windows OS happen to allow for remote code execution in the way in which Microsoft Windows Codecs Library tends to handle objects in memory. If the CVE-2020-1425 vulnerability is exploited then it can easily enable an attacker to execute arbitrary code. When it comes to the CVE-2020-1457 vulnerability, it can be exploited in order to allow a threat actor to obtain critical information that can further lead to the compromise of a user’s system. 

If any user of an affected system opens a corrupted media file of any kind in applications that use the native Windows Codecs Library then the flaws can be exploited. Microsoft, in its advisories which offered very little specific details on the flaws, has included a complete list of the Windows 10 and Windows Server distributions affected and has mentioned that there happens to be ‘no mitigations or workarounds for the vulnerabilities’.

According to Microsoft, when the update is received, affected users needn’t take any action as they will be automatically updated by Microsoft Store. Alternatively, if there exist some users who wish to receive the updates this instantly, they can go ahead and check for updates with the Microsoft Store App itself.

Keep An Eye on Patch Tuesday

The second of Tuesday every month happens to be known as ‘Patch Tuesday’ for Microsoft, however, it is not completely uncommon for them to release updates outside of the second that. In this case, what did stand out is the fact that Microsoft actually happened to respond to the vulnerabilities which were uncovered by a third-party security researcher.

Advertisements

As of now, Microsoft said it has not yet detected either of the two Windows Codecs Library flaws being exploited for real by any malicious threat actors.

These patches came weeks after the regularly scheduled June Patch Tuesday of Microsoft wherein the company released the highest number of CVEs ever released in a single month. Within that humongous security update, 11 critical remote code-execution flaws were meticulously patched in Windows, SharePoint Server, Windows Shell, VBScript and other products.

It should also be noted that its June updates, unlike other recent monthly updates from Microsoft, did not include any zero-day vulnerabilities which were being actively attacked in the wild. Moving forward, it is evident that the company aims to keep its users safe by quickly deploying critical security updates at once. Thus, Windows users can remain at peace knowing Microsoft is actively working towards their customers’ safety. We will keep you updated on all future developments. Until then, stay tuned.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Amazon Prime Video: End Of Subscriber Hunt And Beginning Of An Ad-Fuelled Future!

The streaming landscape of India is going through a rapid transformation. Seems like it is no longer...

Why Is Retargeting Touted As A Secret Weapon For Success By Online Marketers

You know that ads play an important role in driving people to your website if you run a small business and sell...

Happy B’day Chad Hurley: The Co-Founder Of The World’s Largest Video Library

Chad Hurley never cared about success, he mended his ideas and tried to garner the fruits from those. But not every time...

Encouraged By Record Profit of RIL, Ambani Wants To Accelerate 5G Arrival in India

Brace yourselves for the sooner-than-anticipated arrival of  Reliance Jio 5G services because the 63-year-old billionaire tycoon Ambani recently pledged to the speedy launch...

How Mobile Is Becoming A Catalyst Of Online Gambling Market Growth

The global online gambling market is now one of the biggest and it is expected to grow up to 127.3 billion US...

“Open Up Cambridge Analytica, It’s CBI At the Door!”

Among all the establishments ensnared in deplorable acts, Cambridge Analytica has steadily climbed the ladder of infamy. The roots of its malice...

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter,...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one...

More Articles Like This