Microsoft recently released patches for two serious security vulnerabilities in the Windows 10 codecs library. These fixes are part of unscheduled updates and are mandatory. They address two remote code execution (RCE) flaws that affect both the client and server versions of Windows 10.
If you are running Windows 10, you should update and patch the OS to be on the safe side. Microsoft has released two out-of-band security updates to patch two vulnerabilities in the Microsoft Windows Codecs Library. Tracked as CVE-2020-1425 and CVE-2020-1457, the two bugs only impact Windows 10 and Windows Server 2019 distributions.
In security advisories published recently, Microsoft said the two security flaws can be exploited with the help of a specially crafted image file. The flaws were found in the way that the library "handles objects in memory". Listed as Critical and Important, the vulnerabilities could potentially allow remote attackers to take complete control of the victim's computer. They reside in the two most common image codecs, HEIF and HEVC. The company classifies both vulnerabilities as remote code execution.