On June 30th, Microsoft released two emergency out-of-band updates for the Microsoft Windows Codecs Library for Windows 10 and Server. These two updates patch CVE-2020-1425 and CVE-2020-1457, which allow attackers to remotely execute code using a specially crafted image file sent to any application that uses the Microsoft library for processing multimedia files. This means that the vulnerability was present in many applications and could have been used by attackers to gain initial access in a stealthy way, depending on how each application implemented media messages. Fortunately, the bugs were privately reported to Microsoft by Trend Micro’s Zero Day Initiative, and no attacks exploiting these vulnerabilities have been reported in the wild.