Microsoft bumped into a twofold of issues in two codecs from the Windows Codecs Library, which were found to be vulnerable to systems running Windows 10 and Windows Server 2019.

The patches have seen what is called an 'emergency security update', highlighting the importance of the issues found.  Tracked as CVE-2020-1425 & CVE-2020-1457, the two bugs only impact Windows 10 and Windows Server 2019 distributions. In security advisories (1), (2) Microsoft published the two security flaws can be exploited with the help of a specially crafted image file.

If the malformed images are opened inside apps that utilize the built-in Windows Codecs Library to handle multimedia content, then attackers would be allowed to run malicious code on a Windows computer and potentially take over the device. "Customers do not need to take any action to receive the update," Microsoft said. Redmond said the bugs were privately reported and they haven't been used in the wild before today's patches.

7% of Install base now runs May 2020 Update

In other Windows 10 related news, Microsoft's most recent version of Windows 10, known as the May 2020 Update or version 2004, has been available to the general public. MS applies a gradual roll-out, not all users see it on their system at the same time. Currently, about 7 percent of users have it installed.

Microsoft Silently Patches two Windows 10 Codec Vulnerabilities