The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801.

The patches fix two separate RCE bugs in Windows Codecs that allow hackers to exploit playback of multimedia files.

Microsoft has quietly pushed out two emergency security updates to fix remote code execution bugs in Microsoft Windows Codecs Library.

Windows Codecs Library handles how the OS compresses large multimedia files such as photos and videos, and then decodes them for playback within applications. The out-of-band updates, addressing a critical-severity flaw (CVE-2020-1425) and important-severity vulnerability (CVE-2020-1457), were sent out via Windows Update Tuesday night and affect several versions of Windows 10 and Windows Server 2019.

Both vulnerabilities allow for remote code execution “in the way that Microsoft Windows Codecs Library handles objects in memory,” according to the updates.

Both flaws can be exploited if users of affected systems open corrupted media files within applications that use the native Windows Codecs Library.

Alternatively, customers who want to receive the update immediately can check for updates with the Microsoft Store App.

Microsoft said it has not detected either Windows Codecs Library flaw being exploited in the wild.

These patches come weeks after Microsoft’s regularly scheduled June Patch Tuesday, where it released patches for 129 vulnerabilities – the highest number of CVEs ever released by Microsoft in a single month. Within the blockbuster security update, 11 critical remote code-execution flaws were patched in Windows, SharePoint server, Windows Shell, VBScript and other products.