Microsoft patches two codec library vulnerabilities via Windows Store update

Posted on Thursday, July 02 2020 @ 17:13 CEST by Thomas De Maesschalck
MSFT logo
Microsoft issued out-of-cycle security updates for optional HEVC media codecs that are installed on some Windows 10 computers. There are two vulnerabilities at play and one of them is rated critical as it can be abused by an attacker to run malicious code on any version of Windows 10.

ARS Technica writes Microsoft decided to push these updates via Windows Store, and not via Windows Update. The patches will only be installed on vulnerable systems.
Unlike the vast majority of Windows patches, the ones released on Tuesday were delivered through the Microsoft Store. The normal channel for operating System security fixes is Windows Update. [...]

“Affected customers will be automatically updated by Microsoft Store. Customers do not need to take any action to receive the update,” both advisories said. “Alternatively, customers who want to receive the update immediately can check for updates with the Microsoft Store App; more information on this process can be found here.”
The vulnerability resides in hevcdecoder_store.dll, a library used for parsing HEIC images with HEVC codec. This library is downloaded via the Windows Store, so perhaps that's the reason why Microsoft is also pushing out the update via the Windows Store.

About the Author

Thomas De Maesschalck

Thomas has been messing with computer since early childhood and firmly believes the Internet is the best thing since sliced bread. Enjoys playing with new tech, is fascinated by science, and passionate about financial markets. When not behind a computer, he can be found with running shoes on or lifting heavy weights in the weight room.


Loading Comments

Share this story!

Latest news

Latest reviews