|
Patch reliability is unclear. Unless you have an immediate, pressing need to install a specific patch, don't do it. |
Newsletter Archives
-
Win10 codec security hole
This one’s more interesting than the typical Windows zero-day.
MS just published a Security Update for CVE-2020-1425 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability:
A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user’s system. Exploitation of the vulnerability requires that a program process a specially crafted image file. The update addresses the vulnerability by correcting how Microsoft Windows Codecs Library handles objects in memory.
(It looks like the bad codec is a piece of Windows that decompresses a video file.)
It’s listed as not exploited, not yet disclosed. So it’s a real security hole, but it hasn’t been exploited yet – so it isn’t a zero-day.
Affected customers will be automatically updated by Microsoft Store. Customers do not need to take any action to receive the update. Alternatively, customers who want to receive the update immediately can check for updates with the Microsoft Store App; more information on this process can be found here.
Nothing to see here, folks.
Plus Membership
Donations from Plus members keep this site going. You can identify the people who support AskWoody by the Plus badge on their avatars.
AskWoody Plus members not only get access to all of the contents of this site -- including Susan Bradley's frequently updated Patch Watch listing -- they also receive weekly AskWoody Plus Newsletters (formerly Windows Secrets Newsletter) and AskWoody Plus Alerts, emails when there are important breaking developments.
Get Plus!
Recent Topics
-
HP Pavilion Will Not Wake Up After Being Idle for Longer Period
by 2 hours, 20 minutes ago
-
Make a Windows 11 Local Account Passwordless
by 1 hour, 54 minutes ago
-
Ubuntu 25.04 (Plucky Puffin)
by 5 hours, 29 minutes ago
-
24H2 fixed??
by 8 hours, 11 minutes ago
-
Uninstalr Updates
by 10 hours, 38 minutes ago
-
Apple zero days for April
by 16 hours, 3 minutes ago
-
CVE program gets last-minute funding from CISA – and maybe a new home
by 21 hours, 33 minutes ago
-
Whistleblower describes DOGE IT dept rumpus at America’s labor watchdog
by 1 day, 9 hours ago
-
Seeing BSOD’s on 24H2?
by 16 hours, 17 minutes ago
-
TUT For Private Llama LLM, Local Installation and Isolated from the Internet.
by 23 hours, 47 minutes ago
-
Upgrade from Windows 10 to 11
by 1 day, 18 hours ago
-
Microsoft : AI-powered deception: Emerging fraud threats and countermeasures
by 1 day, 20 hours ago
-
0patch
by 21 hours, 51 minutes ago
-
Devices might encounter blue screen exception with the recent Windows updates
by 1 day, 14 hours ago
-
Windows 11 Insider Preview Build 22631.5261 (23H2) released to Release Preview
by 1 day, 23 hours ago
-
Problem opening image attachments
by 2 days, 1 hour ago
-
advice for setting up a new windows computer
by 2 days, 16 hours ago
-
It’s Identity Theft Day!
by 1 day, 20 hours ago
-
Android 15 require minimum 32GB of storage
by 2 days, 21 hours ago
-
Mac Mini 2018, iPhone 6s 2015 Are Now Vintage
by 2 days, 21 hours ago
-
Hertz says hackers stole customer credit card and driver’s license data
by 2 days, 21 hours ago
-
Firefox became sluggish
by 13 hours, 59 minutes ago
-
Windows 10 Build 19045.5794 (22H2) to Release Preview Channel
by 3 days, 1 hour ago
-
Windows 11 Insider Preview Build 22635.5235 (23H2) released to BETA
by 3 days, 2 hours ago
-
A Funny Thing Happened on the Way to the Forum
by 1 day, 23 hours ago
-
Download speeds only 0.3Mbps after 24H2 upgrade on WiFi and Ethernet
by 4 hours, 25 minutes ago
-
T-Mobile 5G Wireless Internet
by 2 days ago
-
Clock missing above calendar in Windows 10
by 1 hour, 25 minutes ago
-
Formula to Calculate Q1, Q2, Q3, or Q4 of the Year?
by 3 days, 16 hours ago
-
The time has come for AI-generated art
by 2 days, 20 hours ago
Remembering Woody
