Out of Band Advisory (CVE-2020-1425) and (CVE-2020-1457) - Microsoft Windows Codecs Library Remote Code Execution Vulnerability

Today, Microsoft released two out of band advisories for CVE-2020-1425 and CVE-2020-1457. Both CVEs contain a remote code execution vulnerability in the Microsoft Windows Codecs Library, specifically in a how it handles objects in memory. CVE-2020-1425 allows an attacker to potentially obtain information about a victim's system for further compromise and is rated CRITICAL. CVE-2020-1457 allows an attacker to execute arbitrary code via a specially crafted file and is rated IMPORTANT.

According to Microsoft they are:

CVE-2020-1425:

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the user's system. Exploitation of the vulnerability requires that a program process a specially crafted image file.

CVE-2020-1457:

A remote code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory. An attacker who successfully exploited the vulnerability could execute arbitrary code.

Exploitation of the vulnerability requires that a program process a specially crafted image file.

Microsoft states that all platforms affected running the Windows Media Codec will be automatically updated by the Microsoft Store. Customers also have the option of checking the Microsoft Store manually for updates. Further information can be found here.

Windows 10, Windows Server 2019, and Windows Server version 1709/1803/1903/2004 (server core installation) are affected.

No. According to the advisory, Microsoft has not observed in the wild attacks.

Microsoft has not provided any mitigation or workarounds for these two out of band advisories.

IPS coverage is currently being investigated for feasibility. We will update this post once relevant information is available.

AV coverage is not feasible for this event.

FortiGuard Labs recommends that all AV and IPS definitions are kept up to date on a continual basis, and that organizations maintain a proactive patching routine when vendor updates are available. If it is deemed that patching is not feasible, it is recommended that a risk assessment is conducted to determine additional mitigation safeguards within an environment.