Microsoft silently updated Windows 10 to patch 2 serious security holes

According to Microsoft, the two newly patched security holes affect hundreds of millions of regular Windows 10 users and even Windows 10 Server.

On July 1, Microsoft quietly updated Windows 10 to patch two critical security holes that affected hundreds of millions of users. This emergency update was released by Microsoft two weeks ahead of the monthly Patch Tuesday release schedule.

Two newly patched security holes are found in the Windows Codecs Library. They allow hackers to download, install and launch malicious applications. Codec is a collection of support libraries that help Windows play, compress and decompress music and video files.

The code names of the two new vulnerabilities are CVE-2020-1425 and CVE-2020-1456. Hackers can take advantage of these vulnerabilities to execute arbitrary commands and control the compromised computer. According to Microsoft, both vulnerabilities stem from the way the codec library handles objects in memory.

Microsoft silently updated Windows 10 to patch 2 serious security holes Picture 1 Two serious security holes caused Microsoft to silently release an emergency patch

However, to exploit both of these vulnerabilities, a hacker will first have to trick the user into clicking on specially created image files. When clicked, these image files will be opened by any application that uses Windows' built-in Codec Library.

In the two vulnerabilities, CVE-2020-1425 is more dangerous because it allows hackers to collect data to cause more damage to victims. CVE-2020-1456 is considered dangerous because it allows hackers to execute arbitrary commands on the hacked Windows computer.

Microsoft said at the time they released the patch, both the vulnerabilities were not publicly disclosed or actively exploited by hackers.

List of affected Windows operating system versions: