Tuesday, March 2, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws

July 1, 2020
in Internet Privacy
Microsoft Releases Urgent Windows Update to Patch Two Critical Flaws
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Microsoft yesterday quietly released out-of-band software updates to patch two high-risk security vulnerabilities affecting hundreds of millions of Windows 10 and Server editions’ users.

To be noted, Microsoft rushed to deliver patches almost two weeks before the upcoming monthly ‘Patch Tuesday Updates’ scheduled for 14th July.

You might also like

Chinese Hackers Targeted India’s Power Grid Amid Geopolitical Tensions

Why do companies fail to stop breaches despite soaring IT security investment?

Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites

That’s likely because both flaws reside in the Windows Codecs Library, an easy attack vector to social engineer victims into running malicious media files downloaded from the Internet.

For those unaware, Codecs is a collection of support libraries that help the Windows operating system to play, compress and decompress various audio and video file extensions.

The two newly disclosed security vulnerabilities, assigned CVE-2020-1425 and CVE-2020-1457, are both remote code execution bugs that could allow an attacker to execute arbitrary code and control the compromised Windows computer.

According to Microsoft, both remote code execution vulnerabilities reside in the way Microsoft Windows codec library handles objects in memory.

However, exploiting both flaws requires an attacker to trick a user running an affected Windows system into clicking on a specially crafted image file designed to be opened with any app that uses the built-in Windows Codec Library.

Out of both, CVE-2020-1425 is more critical because the successful exploitation could allow an attacker even to harvest data to compromise the affected user’s system further.

The second vulnerability, tracked as CVE-2020-1457, has been rated as important and could allow an attacker to execute arbitrary code on an affected Windows system.

However, none of the security vulnerabilities has been reported as being publicly known or actively exploited in the wild by hackers at the time Microsoft released emergency patches.

According to advisories, both vulnerabilities were reported to Microsoft by Abdul-Aziz Hariri of Trend Micro’s Zero Day Initiative and affect the following operating systems:

  • Windows 10 version 1709
  • Windows 10 version 1803
  • Windows 10 version 1809
  • Windows 10 version 1903
  • Windows 10 version 1909
  • Windows 10 version 2004
  • Windows Server 2019
  • Windows Server version 1803
  • Windows Server version 1903
  • Windows Server version 1909
  • Windows Server version 2004

Since Microsoft is not aware of any workaround or mitigating factor for these vulnerabilities, Windows users are strongly recommended to deploy new patches before attackers start exploiting the issues and compromise their systems.

However, the company is rolling out the out-of-band security updates through the Microsoft Store, so the affected users will be automatically updated without requiring any further action.

Alternatively, if you want don’t want to wait for a few more hours or a day, you can immediately install patches by checking for new updates through the Microsoft Store.


Credit: The Hacker News By: noreply@blogger.com (Swati Khandelwal)

Previous Post

Can CodeGuru Improve Your Code with Machine Learning?

Next Post

Android security: This fake message about a missed delivery leads to data-stealing malware

Related Posts

Chinese Hackers Targeted India’s Power Grid Amid Geopolitical Tensions
Internet Privacy

Chinese Hackers Targeted India’s Power Grid Amid Geopolitical Tensions

March 2, 2021
Why do companies fail to stop breaches despite soaring IT security investment?
Internet Privacy

Why do companies fail to stop breaches despite soaring IT security investment?

March 2, 2021
Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites
Internet Privacy

Gootkit RAT Using SEO to Distribute Malware Through Compromised Sites

March 2, 2021
SolarWinds Blames Intern for Weak Password That Led to Biggest Attack in 2020
Internet Privacy

SolarWinds Blames Intern for Weak Password That Led to Biggest Attack in 2020

March 1, 2021
Cisco Releases Security Patches for Critical Flaws Affecting its Products
Internet Privacy

Cisco Releases Security Patches for Critical Flaws Affecting its Products

February 27, 2021
Next Post
Android security: This fake message about a missed delivery leads to data-stealing malware

Android security: This fake message about a missed delivery leads to data-stealing malware

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Australia’s new ‘hacking’ powers considered too wide-ranging and coercive by OAIC
Internet Security

Australia’s new ‘hacking’ powers considered too wide-ranging and coercive by OAIC

March 2, 2021
DSC Weekly Digest 01 March 2021
Data Science

DSC Weekly Digest 01 March 2021

March 2, 2021
The case for Bayesian Learning in mining
Machine Learning

The case for Bayesian Learning in mining

March 2, 2021
Scientists have built this ultrafast laser-powered random number generator
Internet Security

Scientists have built this ultrafast laser-powered random number generator

March 2, 2021
Companies in the Global Data Science Platforms Resorting to Product Innovation to Stay Ahead in the Game
Data Science

Companies in the Global Data Science Platforms Resorting to Product Innovation to Stay Ahead in the Game

March 2, 2021
Aries becomes next Hyperledger project graduating to active status
Blockchain

Aries becomes next Hyperledger project graduating to active status

March 2, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Australia’s new ‘hacking’ powers considered too wide-ranging and coercive by OAIC March 2, 2021
  • DSC Weekly Digest 01 March 2021 March 2, 2021
  • The case for Bayesian Learning in mining March 2, 2021
  • Scientists have built this ultrafast laser-powered random number generator March 2, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates