1. Home >
  2. Internet & Security

Microsoft Releases Emergency Windows Patch for Malicious Image Attack

A pair of bugs in Windows 10 and Windows Server 2019 could allow attackers to create corrupted image files that let them execute remote code on machines. Microsoft's mechanism for patching this flaw is a bit unusual, though. 
By Ryan Whitwam
Windows-10
Microsoft rolls out patches to Windows 10 on a more or less regular schedule these days, but it wastes no time when there's a flaw that could put users at risk. The company is dealing with just such a scenario right now. A pair of bugs(Opens in a new window) in Windows 10 and Windows Server 2019 could allow attackers to create corrupted image files that let them execute remote code on machines. Microsoft's mechanism for patching this flaw is a bit unusual, though.  The bugs, known CVE-2020-1425 and CVE-2020-1457, are inside the Windows Codecs Library. This component contains the necessary software to decode and render many different image and video formats in Windows. By causing a buffer overflow with malformed image files, the attacker can "trick" the computer into leaking important data and running code hidden in the image files.  Microsoft says the bugs were disclosed privately, and it has no evidence of in-the-wild attacks. Remote code execution attacks are serious, but they used to be even more so. Address Space Layout Randomisation (ASLR) in modern operating systems helps reduce the danger by making attackers guess at where to insert their code. More often than not, the malicious program will just crash instead of taking over the system. However, the combination of CVE-2020-1425 and CVE-2020-1457 could be a problem.  Since the attack vectors are non-public, Microsoft is being a bit coy about the specifics. Based on Microsoft's vulnerability descriptions, CVE-2020-1425 and CVE-2020-1457 serve different functions, and they're probably both needed for a successful hack. CVE-2020-1425 can be used to obtain data about the system's memory configuration, and CVE-2020-1457 can most likely use that data to evade ASLR and execute the payload successfully. This would be a valuable vector to shadowy internet figures, but whoever discovered it did the right thing by disclosing it to Microsoft.  These vulnerabilities could be particularly dangerous because many different programs like browsers, image galleries, and so on rely on the Windows Codecs Library. The good news is this is one of the easier bugs to fix because the library is the same across all affected systems. However, Microsoft has deployed a patched version of the library in the Windows Store -- not via Windows Update. You don't have to do anything to get the patch, but you can manually pull down updates in the Store if you don't want to wait. Now read:

Tagged In

Windows Bugs Security Microsoft Windows 10

More from Internet & Security

Up-close of a smartphone with ChatGPT open.
ChatGPT Could Soon Get a Search Function, Complete with Source Links
By Adrianna Nine
Google Ads logo over red gradient
Google Bans Ads for Platforms That Generate Deepfake Pornography
By Adrianna Nine
A hand holding an Android smartphone.
'Dirty Stream' Attack Is Targeting Android Apps, Microsoft Warns
By Adrianna Nine
A finger typing on a backlit keyboard.
Okta Faces Spike in Credential Stuffing Attacks
By Adrianna Nine
The American flag on a flagpole.
Industry Experts Join Homeland Security's New AI Safety Board
By Adrianna Nine
Subscribe Today to get the latest ExtremeTech news delivered right to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of use(Opens in a new window) and Privacy Policy. You may unsubscribe from the newsletter at any time.
Thanks for Signing Up