• Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Transform
      • SOC Consultancy
      •     SOC Maturity Assessment
      •     SOC Model Evaluation
      •     SOC Gap Analysis
      •     SIEM Gap Analysis
      •     SIEM Optimization
      •     SOC Content Pack
    • Train
      • Security Awareness and Training
      • Tabletop Exercise
      • Simulated Cyber Attack Exercises
    • Respond
      • Incident Response
      • Incident Analysis
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Press Release
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
Rewterz Threat Alert – Vendetta Group’s COVID-19 Phishing Emails
July 2, 2020
Rewterz Threat Advisory – Multiple Vulnerabilities in F5’s BIG-IP Allow Full System Compromise
July 3, 2020

Rewterz Threat Advisory – Urgent Windows Update to Patch Two Critical Flaws

July 2, 2020

Severity

High

Analysis Summary

Microsoft has quietly released out-of-band software updates to patch two high-risk security vulnerabilities affecting hundreds of millions of Windows 10 and Server editions’ users. Both flaws reside in the Windows Codecs Library, an easy attack vector to social engineer victims into running malicious media files downloaded from the Internet. For those unaware, Codecs is a collection of support libraries that help the Windows operating system to play, compress and decompress various audio and video file extensions. 

The two newly disclosed security vulnerabilities, assigned CVE-2020-1425 and CVE-2020-1457, are both remote code execution bugs that could allow an attacker to execute arbitrary code and control the compromised Windows computer. According to Microsoft, both remote code execution vulnerabilities reside in the way Microsoft Windows codec library handles objects in memory. However, exploiting both flaws requires an attacker to trick a user running an affected Windows system into clicking on a specially crafted image file designed to be opened with any app that uses the built-in Windows Codec Library.

Impact

  • Information Theft
  • Arbitrary code execution
  • System compromise

Affected Vendors

Microsoft

Affected Products

  • Windows 10 version 1709
  • Windows 10 version 1803
  • Windows 10 version 1809
  • Windows 10 version 1903
  • Windows 10 version 1909
  • Windows 10 version 2004
  • Windows Server 2019
  • Windows Server version 1803
  • Windows Server version 1903
  • Windows Server version 1909
  • Windows Server version 2004

Remediation

The affected users will be automatically updated without requiring any further action. 
However, for an immediate solution, you can install patches by checking for new updates through the Microsoft Store.

  • Services
    • Assess
      • Compromise Assessment
      • APT Assessment
      • Penetration Testing
      • Secure Architecture Design & Review
      • Red Team Assessment
      • Purple Team Assessment
      • Social Engineering
      • Source Code Review
    • Respond
      • Incident Response
      • Incident Analysis
  • Transform
    • SOC Consultancy
    •     SOC Maturity Assessment
    •     SOC Model Evaluation
    •     SOC Gap Analysis
    •     SIEM Gap Analysis
    •     SIEM Optimization
    •     SOC Content Pack
  • Train
    • Security Awareness and Training
    • Tabletop Exercise
    • Simulated Cyber Attack Exercises
  • Managed Security
    • Managed Security Monitoring
      • Remote SOC
      • Onsite SOC
      • Hybrid SOC
    • Managed Security Services
      • Managed Detection and Response
      • Managed Endpoint Detection and Response
      • Managed Threat Intelligence
      • Managed Threat Hunting
      • Managed Risk-Based SOAR
      • Managed Penetration Testing
  • Solutions
  • Resources
    • Blog
    • Threat Advisory
  • Company
    • About Us
    • Careers
    • Contact
COPYRIGHT © REWTERZ. ALL RIGHTS RESERVED.