Just a few hours ago we were talking about a series of executable files from Windows 10 itself that could be vulnerable to a certain attack . This is somewhat worrying in most cases, especially when we consider the importance of security today. Well, now we have another related fact to add, as we are going to tell you.
And it is that from what we are knowing at the moment, Microsoft published the details about two recently discovered security problems. These specifically refer to two system codecs that affect the client and server versions of Windows 10. Specifically, these problems were found in the codec library of Microsoft software, to say that they could be seen in the way in which the library handles objects in memory.
New Windows vulnerability detected in your codecs
In this way Microsoft now confirms security issues and defines critical and critical remote code execution vulnerabilities. Thus, all client versions of Windows 10 from version 1709 and several versions of Windows Server are affected. To give us an idea of what we are talking about, a potential attacker could create a specially crafted file and get it to open on a target system to exploit the vulnerability mentioned.
Also note that no workarounds or mitigation solutions are available at this time, but Microsoft has created an update. This should be installed on Windows 10 and Windows 10 Server devices to correct the problem and protect the systems against possible exploits of the failure. This is an update that is sent to computers through a Microsoft Store update. Therefore these will come automatically and users do not need to take any action in this regard.
At the same time, all those who want to receive the update we are referring to now, will be able to do so from the official system store . Thus, they can open the Microsoft Store and go to Menu> Downloads and updates.
Once in this section, there we can see the Get updates button to run a manual search for them.
Microsoft does not make clear what the update is for the vulnerability
At this point, it is also interesting to know that Microsoft does not reveal the name of the update it created to resolve the security issue . But some users have now found that Windows 10 returned HEIF Image Extensions and HEVC Video Extensions app updates. At the moment it is not clear if these are the updates to which the firm refers, or not.
That is why, to solve the security problem as soon as possible, we should be attentive to this section in the coming days. In this way we will be able to check first hand if any update related to the operating system codecs arrives at the system store.
Likewise, it would also be useful to know more information about the nature of the vulnerability and what image formats it is affecting. All in all and with this this is just another security flaw in Windows 10 that Microsoft only half informs us about.