Windows 10: Critical Windows Codecs security issue affects Windows 10 and Server

Microsoft published details about two recently discovered security issues in Windows Codec that affect Windows 10 client and server versions. The issues were found in the Microsoft Windows Codecs Library, more precisely in the way that the library "handles objects in memory".

Microsoft confirms the security issues and defines the vulnerabilities as a remote code execution vulnerability with a severity of critical and important.

All client versions of Windows 10 from Windows 10 version 1709 on, including 32-bit, 64-bit and ARM versions, and several Windows Server versions, including Windows Server 2019 and Windows Server version 2004 Core installation, are affected.

The issues are not exploited in the wild; an attacker could create a specially crafted image file and get it opened on a target system to exploit the vulnerability.

Workarounds and mitigations are not available, but Microsoft has created an update that needs to be installed on Windows 10 and Windows 10 Server devices to correct the issue and protect systems against potential exploits.

The update is pushed to devices through a Microsoft Store update. Microsoft notes that updates will land on devices automatically and that customers don't need to take any action in that regard.



Administrators who don't want to wait for the update to arrive on systems may open the Microsoft Store application manually, select Menu > Downloads and updates, and there the "get updates" button to run a manual check for updates.

Here are the links to the two vulnerabilities on Microsoft's MSRC portal:

• CVE-2020-1425 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability
• CVE-2020-1457 | Microsoft Windows Codecs Library Remote Code Execution Vulnerability

Lack of information is a problem


Microsoft does not reveal the name of the update that it created to address the security issue. A quick check on an up-to-date Windows 10 version 2004 Surface Go device returned updates for the apps HEIF Image Extensions and HEVC Video Extensions from Device Manufacturer. It is unclear if these are the updates that Microsoft is referring to or if the company has not yet released the security update to the general population.

I will keep an eye on the updates and update the article if a Windows Codecs Library related update becomes available.

Microsoft needs to provide additional information. It is unclear how administrators can check if the updates are installed on devices because of the lack of information. Information about the nature of the vulnerability, e.g. which image formats are affected, would also be useful.

Lastly, a Store update excludes systems from receiving the update if the Store application has been uninstalled or neutralized.

Now You: What is your take on this? (via Bleeping Computer)

Thank you for being a Ghacks reader. The post Critical Windows Codecs security issue affects Windows 10 and Server appeared first on gHacks Technology News.

read more...

 

Comodo Software users Windows 10 *Important*




"Hi All,
We stronly advise Comodo users not to update to latest MS update KB4022716, which is available for Windows 10 users till they have new fixed version of Comodo internet security products installed.

Affected Products:
- Comodo Internet Security / Comodo Antivirus / Comodo Firewall (Affected versions: v6246 and below)
- Comodo Cloud Antivirus (Affected versions: v533 and below)
- Internet Security Essentials (Affected versions: v81 and below)
- Comodo Secure Shopping (Affected versions: v97 and below)

Possible Problems:
In case you have updated to MS update KB4022716 prior to updating to latest fixed version of Comodo products, following issues may appear:

- Crashing browsers
- May not be able to login to Windows

Resolution:
If you are able to login, you can uninstall Comodo and re-install latest fixed Comodo version. Else you need to go to Windows Safe Mode and uninstall Comodo product or re-store system to state before Comodo product was installed.

In case you want to keep Comodo and pause Windows updates for some time, you may use following steps:
Step - 1: Click on Start icon on Windows
Step - 2: Next click on Settings menu item, it will open "Windows Settings" window
Step - 3: Select "Update & Security" section from there and it will show "Windows Update" section
Step - 4: Click on "Advanced Options" next, there is "Pause Updates" section allowing you to pause Windows updates for next several days

You can find same steps with images here .

Reason:
There are unexpected changes in last MS update KB4022716, which are incompatible with Comodo products."

https://forums.comodo.com/news-anno...ate-kb4022716os-build-15063447-t119928.0.html

 

Windows 10 Tweaks

Pressing “Windows+Pause Break” (it’s up there next to scroll lock) opens the “System” Window.

Windows 10: In the new version of Windows, Explorer has a section called Quick Access. This includes your frequent folders and recent files. Explorer defaults to opening this page when you open a new window. If you’d rather open the usual This PC, with links to your drives and library folders, follow these steps:

• Open a new Explorer window.
• Click View in the ribbon.
• Click Options.
• Under General, next to “Open File Explorer to:” choose “This PC.”
• Click OK

credit to Lifehacker.

 

Windows 10 download speed issues

Try this method:

• First of all from Start Menu, open Settings (Type settings in the search bar and it will appear).
• locate and select “Update and Security“.
• in this window, Locate “Advanced Options”. Click on it.
• In Advanced Options; Click on “Choose How Updates are Delivered“.
• Turn off Updates from more than one place.

Your system will not work as a seeder for other Windows 10 users. It will give sudden boast to your Slow internet speed.