On June 30, 2020, Microsoft quietly rolled out out-of-band software updates for Windows 10 and Windows Server 2019 editions. This delivery was apparently needed to patch two critical vulnerabilities affecting millions of devices.
As is common knowledge, Microsoft holds a monthly ‘Patch Tuesday’ update session, and the next one was due on July 14. But as is clear now, Microsoft could not wait until then to release the patches. What was so critical?
Both of the vulnerabilities in question are high-severity bugs in the Windows Codecs Library. Codecs are software libraries that let Windows handle multimedia formats such as video, audio and image files; their main functions are compression, decompression and playback. Because they parse untrusted media, codecs are a sensitive attack surface: a malicious media file can be used to compromise them.
Microsoft Windows Codecs Vulnerability
The latest Microsoft Windows vulnerabilities are remote code execution flaws that can allow a threat actor to take over the victim’s Windows machine and execute arbitrary code. They have been identified as CVE-2020-1425 and CVE-2020-1457.
The flaws are similar in nature and, as mentioned earlier, reside in the Microsoft Windows Codecs Library, specifically in how it handles objects in memory. To exploit the Codecs Library vulnerabilities, the attacker needs to create a malicious image file and trick the user into opening it:
- Find a victim who is using an affected Windows version
- Send them the specially crafted media file
- The victim opens the file in an application that uses the built-in Windows Codecs Library
- Successful exploitation leads to:
  - CVE-2020-1457: arbitrary code execution
  - CVE-2020-1425: remote code execution, and additionally the ability to obtain information that can be used to further compromise the user’s system
Microsoft Windows Codecs Patch
Although critical, neither of the Windows Codecs vulnerabilities appears to have been exploited in the wild (as far as is publicly known) so far. Fortunately for all Windows 10 users, Microsoft released the patches before announcing the RCE flaws.
The research was carried out and reported to Microsoft by Abdul-Aziz Hariri of Trend Micro's ZDI (Zero Day Initiative). The affected Windows operating systems and versions include:
- Windows 10 version 1709
- Windows 10 version 1803
- Windows 10 version 1809
- Windows 10 version 1903
- Windows 10 version 1909
- Windows 10 version 2004
- Windows Server 2019
- Windows Server version 1803
- Windows Server version 1903
- Windows Server version 1909
- Windows Server version 2004
So far, no mitigation or workaround is available, so it is imperative that all users of affected devices update to the latest version (if the update has not already been applied automatically) before an attacker targets them.
In more recent news from Microsoft, in its June 2020 Patch Tuesday, Microsoft fixed an even more severe vulnerability, SMBleed, an evolved version of SMBGhost. It affected the Windows SMB protocol and allowed threat actors to leak kernel memory remotely.
Unlike the above instances, where Microsoft provided quick and efficient patches, a Remote Desktop Protocol vulnerability left third-party clients exposed to critical attacks. This happened after multiple patches were released through 2019 and 2020.
Keep yourself updated with the latest cybersecurity news.