After Microsoft’s largest ever single-month release of CVEs, two additional security updates have now been pushed. These emergency patches fix remote code execution issues in the Windows Codecs Library, CVE-2020-1425 and CVE-2020-1457.
Severity and Exploitability
With severity ratings of Critical and Important, these issues could allow attackers to take control of affected systems by running malicious payloads. Microsoft reports not having seen exploitation of these issues in the wild and rates the likelihood of exploitation as “less likely.” However, researchers and attackers may develop working proofs of concept as more information on these issues comes to light.
Affected Systems
These two issues affect several versions of Windows 10 and Windows Server. A full list of affected operating systems is available here.
Remediation
No action is needed to receive the updates; however, your regular update process may not provide you with these patches. The updates are available through the Microsoft Store rather than the Windows Update process.