JPCERT-AT-2020-0027
JPCERT/CC
2020-07-01(Initial)
2020-07-08(Update)
For more information on the vulnerabilities, please refer to the information provided by Microsoft.
Microsoft
CVE-2020-1425 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1425
Microsoft
CVE-2020-1457 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1457
- Windows 10 Version 1709 for 32-bit Systems
- Windows 10 Version 1709 for ARM64-based Systems
- Windows 10 Version 1709 for x64-based Systems
- Windows 10 Version 1803 for 32-bit Systems
- Windows 10 Version 1803 for ARM64-based Systems
- Windows 10 Version 1803 for x64-based Systems
- Windows 10 Version 1809 for 32-bit Systems
- Windows 10 Version 1809 for ARM64-based Systems
- Windows 10 Version 1809 for x64-based Systems
- Windows 10 Version 1903 for 32-bit Systems
- Windows 10 Version 1903 for ARM64-based Systems
- Windows 10 Version 1903 for x64-based Systems
- Windows 10 Version 1909 for 32-bit Systems
- Windows 10 Version 1909 for ARM64-based Systems
- Windows 10 Version 1909 for x64-based Systems
- Windows 10 Version 2004 for 32-bit Systems
- Windows 10 Version 2004 for ARM64-based Systems
- Windows 10 Version 2004 for x64-based Systems
Microsoft
Get updates for apps and games in Microsoft Store
https://support.microsoft.com/en-us/help/4026259/microsoft-store-get-updates-for-apps-and-games
Microsoft
CVE-2020-1425 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1425
Microsoft
CVE-2020-1457 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1457
If you have any information regarding this alert, please contact JPCERT/CC.
2020-07-08 Updated "II. Affected Products"
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/
JPCERT/CC
2020-07-01(Initial)
2020-07-08(Update)
I. Overview
On June 30, 2020 (Local Time), Microsoft has released information regarding vulnerabilities (CVE-2020-1425, CVE-2020-1457) in Microsoft Windows Codecs Library. This contains updates that are rated as"Critical". Remote attackers leveraging these vulnerabilities may be able to execute arbitrary code.For more information on the vulnerabilities, please refer to the information provided by Microsoft.
Microsoft
CVE-2020-1425 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1425
Microsoft
CVE-2020-1457 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1457
II. Affected Products
Affected products and versions are as follows:- Windows 10 Version 1709 for 32-bit Systems
- Windows 10 Version 1709 for ARM64-based Systems
- Windows 10 Version 1709 for x64-based Systems
- Windows 10 Version 1803 for 32-bit Systems
- Windows 10 Version 1803 for ARM64-based Systems
- Windows 10 Version 1803 for x64-based Systems
- Windows 10 Version 1809 for 32-bit Systems
- Windows 10 Version 1809 for ARM64-based Systems
- Windows 10 Version 1809 for x64-based Systems
- Windows 10 Version 1903 for 32-bit Systems
- Windows 10 Version 1903 for ARM64-based Systems
- Windows 10 Version 1903 for x64-based Systems
- Windows 10 Version 1909 for 32-bit Systems
- Windows 10 Version 1909 for ARM64-based Systems
- Windows 10 Version 1909 for x64-based Systems
- Windows 10 Version 2004 for 32-bit Systems
- Windows 10 Version 2004 for ARM64-based Systems
- Windows 10 Version 2004 for x64-based Systems
Update: July 8, 2020 Update
Removed the Windows Server from the above Affected Products list as they had been removed from the list on Microsoft advisory pages.
III. Solution
Affected users will be automatically updated by Microsoft Store.According to Microsoft, users who want to receive the update immediately can check for updates with the Microsoft Store App.Microsoft
Get updates for apps and games in Microsoft Store
https://support.microsoft.com/en-us/help/4026259/microsoft-store-get-updates-for-apps-and-games
IV. References
Microsoft
CVE-2020-1425 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1425
Microsoft
CVE-2020-1457 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1457
If you have any information regarding this alert, please contact JPCERT/CC.
Revision History
2020-07-01 First edition2020-07-08 Updated "II. Affected Products"
JPCERT Coordination Center (Early Warning Group)
MAIL: ew-info@jpcert.or.jp
https://www.jpcert.or.jp/english/