Microsoft has released patches to fix two remote code execution vulnerabilities in Microsoft Windows Codecs Library. HEVC or Windows codecs library is responsible for handling large media files and decoding them for playback. HEVC is used by developers as it supports a multitude of different file formats. This Windows Extension is designed to take advantage of the hardware capabilities of newer processors and GPU to decode and play Ultra HD content.

Two vulnerabilities, one of which is rated as critical CVE-2020-1425 and other as important CVE-2020-1457, affects multiple Windows 10 versions and Windows Server 2019.


Following are the details of the vulnerabilities :

Both of these vulnerabilities exist as to how Microsoft Windows Codecs Library handles objects in memory. Microsoft has not released information on attack vectors which can abuse these flaws, In order to exploit them, it requires that a program processes a specially crafted file.

CVE-2020-1425: A Remote Code Execution vulnerability which is rated as critical exists in Microsoft HEVC. Once this vulnerability is successfully exploited, an attacker can use the disclosed information to further compromise the system.

RCE bugs are generally unexploitable because of Address Space Layout Randomisation (ASLR). ASLR is a security feature that makes memory mapping in every system different, thus leaving the attacker to only guess where to put malicious code. But in this case, this vulnerability can be exploited to disclose sensitive information which includes system data and memory layout.

CVE-2020-1457: Also a Remote Code Execution vulnerability which is rated as important exists in the same Windows Extension HEVC. Both of these vulnerabilities require a malicious file in order to execute remote code. The information gained by the previous method can be used to exploit this vulnerability.


Affected Application:

  • HEVC Microsoft windows codec library

Affected Windows versions:

  • Windows 10/Server version 1709 and newer
  • Windows Server 2019

Solution

Microsoft has released fixes for HEVC and customers can update it via Microsoft Store.

SanerNow security content has been published to detect this vulnerability. We strongly recommend installing Microsoft security updates without any delay.

Subscribe For Latest Updates

Get the latest research, best practices, industry trends and cybersecurity blogs from SecPod security experts

Invalid email address
We promise not to spam you. You can unsubscribe at any time.
Summary
Microsoft HEVC emergency security updates for critical RCE vulnerabilities
Article Name
Microsoft HEVC emergency security updates for critical RCE vulnerabilities
Author
Publisher Name
Secpod
Publisher Logo

Leave a Reply

Your email address will not be published. Required fields are marked *