阅读: 247

综述

北京时间7月1日,微软发布临时公告称修复了2个Windows编解码器库(Microsoft Windows Codecs Library)中存在的远程代码执行漏洞(CVE-2020-1425,CVE-2020-1457)。攻击者可以通过一个特制的图像文件来触发该漏洞,从而执行代码。目前微软已经发布补丁进行了修复。

参考链接:

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1425

https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1457

受影响产品版本

  • Windows 10 Version 1709 for 32-bit Systems
  • Windows 10 Version 1709 for ARM64-based Systems
  • Windows 10 Version 1709 for x64-based Systems
  • Windows 10 Version 1803 for 32-bit Systems
  • Windows 10 Version 1803 for ARM64-based Systems
  • Windows 10 Version 1803 for x64-based Systems
  • Windows 10 Version 1809 for 32-bit Systems
  • Windows 10 Version 1809 for ARM64-based Systems
  • Windows 10 Version 1809 for x64-based Systems
  • Windows 10 Version 1903 for 32-bit Systems
  • Windows 10 Version 1903 for ARM64-based Systems
  • Windows 10 Version 1903 for x64-based Systems
  • Windows 10 Version 1909 for 32-bit Systems
  • Windows 10 Version 1909 for ARM64-based Systems
  • Windows 10 Version 1909 for x64-based Systems
  • Windows 10 Version 2004 for 32-bit Systems
  • Windows 10 Version 2004 for ARM64-based Systems
  • Windows 10 Version 2004 for x64-based Systems
  • Windows Server 2019
  • Windows Server 2019 (Server Core installation)
  • Windows Server, version 1709 (Server Core Installation)
  • Windows Server, version 1803 (Server Core Installation)
  • Windows Server, version 1903 (Server Core installation)
  • Windows Server, version 1909 (Server Core installation)
  • Windows Server, version 2004 (Server Core installation)

解决方案

微软官方已经发布补丁,用户可以通过Microsoft Store App自动更新,更多信息请参考官方指南:

https://support.microsoft.com/en-us/help/4026259/microsoft-store-get-updates-for-apps-and-games