Microsoft Issues Two Emergency Security Updates

By | July 4, 2020
Print Friendly, PDF & Email

 

 

Microsoft Issues Two Emergency Security Updates

Microsoft Corporation

On Tuesday, June 30, 2020, Microsoft released two “out-of-band” emergency security updates for Windows 10 users. These emergency security updates patched two vulnerabilities that could allow attackers to run remote code execution against victims. Out-of-band patches are patches that are released outside of the normal cumulative updates and security updates normally issued on the second Tuesday of each month (Patch Tuesday). 

The following is from cyberscoop…

One of the flaws, catalogued as CVE-2020-1425, would allow attackers to gather information from victims about further compromising their targets. If attackers were to exploit another flaw, catalogued as CVE-2020-1457, they would be capable of executing arbitrary code, Microsoft said. To exploit the vulnerabilities, which affect Windows 10 and Windows Server distributions, they would have to use a “specially crafted image file,” Microsoft said.

The flaws were rated as “critical” and “important,” respectively.

Microsoft has addressed the vulnerabilities by correcting how objects in memory are handled by Microsoft Windows Codecs Library. Customers don’t have to take any action to receive the updates, Microsoft said.

Microsoft typically issues patches for vulnerabilities on the second Tuesday of each month. And although Microsoft said it hasn’t seen any threat actors exploiting the vulnerabilities in the wild, the fact that the company issued an out-of-band update indicates it found them critical enough to raise alarm outside of its normally scheduled updates.

Read the rest of this cyberscoop article here.

5 thoughts on “Microsoft Issues Two Emergency Security Updates

  1. Joyce Linsenmeyer

    I never received these updates at all, wonder why?

    Reply
  2. J.J.

    Checking my update history, I have updates to July 2nd but showing nothing for June 30th either.

    Reply
    1. infoave Post author

      It was released on June 30th, but that does not mean everyone will get it on June 30.

      Reply
  3. Nancy Moe

    According to my update history, my last updates were June 9, and nothing since then. Should there be something I should do/check?
    Thanks

    Reply
    1. infoave Post author

      It does not apply to all computers -only those with a certain CODEC installed. If you didn’t get it, you don’t need it.

      Reply

Leave a Reply

Your email address will not be published. Required fields are marked *