Shulou(Shulou.com)06/01 Report--

This article shows you how the Microsoft Windows codec library remote code execution vulnerability is, concise and easy to understand, absolutely can make you shine, through the detailed introduction of this article I hope you can gain something.

0x00 Vulnerability Background

On July 1, 2020, 360CERT monitoring found that Microsoft officially issued a risk notification for Microsoft Windows Codec Library Remote Code Execution Vulnerability, with vulnerability numbers CVE-2020-1457 and CVE-2020-1425, Vulnerability Level: Critical.

Microsoft Windows is an operating system developed by Microsoft Corporation in the United States, and Windows Codecs Library is one of the audio and video file codecs.

A remote code execution vulnerability exists in the way the Microsoft Windows codec library handles objects in memory that could allow attackers to execute arbitrary code via a crafted image file.

In this regard, 360CERT recommends that the majority of users install the latest patches in time, do a good job of asset self-inspection and prevention work, so as to avoid hacker attacks.

0x01 Risk Level

360CERT's assessment of this vulnerability is as follows

Rating Method Threat Level Critical Impact Wide 0x02 Vulnerability Details

A remote code execution vulnerability exists in the way the Microsoft Windows codec library handles objects in memory that could allow attackers to execute arbitrary code via a crafted image file.

0x03 Impact Version

Windows 10 Version 1709 for 32-bit Systems

Windows 10 Version 1709 for ARM64-based Systems

Windows 10 Version 1709 for x64-based Systems

Windows 10 Version 1803 for 32-bit Systems

Windows 10 Version 1803 for ARM64-based Systems

Windows 10 Version 1803 for x64-based Systems

Windows 10 Version 1809 for 32-bit Systems

Windows 10 Version 1809 for ARM64-based Systems

Windows 10 Version 1809 for x64-based Systems

Windows 10 Version 1903 for 32-bit Systems

Windows 10 Version 1903 for ARM64-based Systems

Windows 10 Version 1903 for x64-based Systems

Windows 10 Version 1909 for 32-bit Systems

Windows 10 Version 1909 for ARM64-based Systems

Windows 10 Version 1909 for x64-based Systems

Windows 10 Version 2004 for 32-bit Systems

Windows 10 Version 2004 for ARM64-based Systems

Windows 10 Version 2004 for x64-based Systems

Windows Server 2019

Windows Server 2019 (Server Core installation)

Windows Server, version 1709 (Server Core Installation)

Windows Server, version 1803 (Server Core Installation)

Windows Server, version 1903 (Server Core installation)

Windows Server, version 1909 (Server Core installation)

Windows Server, version 2004 (Server Core installation)

0x04 Repair Suggestions General Repair Suggestions:

Get updates for apps and games in Microsoft Store

https://support.microsoft.com/en-us/help/4026259/microsoft-store-get-updates-for-apps-and-games

So that's what the Microsoft Windows codec library remote code execution vulnerability looks like. Have you learned anything or learned anything? If you want to learn more skills or enrich your knowledge reserves, please pay attention to the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.