Read more.Quote:
Remote code execution security vulnerabilities exploitable via specially crafted image files.
Printable View
Read more.Quote:
Remote code execution security vulnerabilities exploitable via specially crafted image files.
The Store app that's not installed with Windows server if IRC.Quote:
Microsoft has chosen to deploy updates to the Windows Codecs Library through the Windows Store app
I find it amusing and amazing how people can find zero days like this using an image file.
That's is the very reason. People just think it's not possible and write insecure code, and then some clever so and so finds it.Quote:
Originally Posted by philehidiot
Theoretically all data is just information in memory space so an image could contain data that represents CPU instructions and then if there is a vulnerability in the code that reads the image it could lead to a remote code execution. The expectation is of course loading an image file is not dangerous, where loading anything you don't have control over into RAM is potentially dangerous.
I've looked for this update but it's not showing on my domain controlled machine (In fact little from the store is showing as installed). I hope they are rolling it out as a generic patch too.
They are, you can get it by downloading this image file:Quote:
Originally Posted by cheesemp
http://www.don'tclickmeyou........
It's on the Windows Store as HEIF Image Extensions. Quite a few places block access to that though, but Microsoft never considers that.Quote:
Originally Posted by cheesemp
So Microsoft are only offering me the ARM version for my work PC, then refusing to install it as its not compatible. Guess it's been blocked by IT...Quote:
Originally Posted by Lorcaran
@phileidiot - thanks but no thanks!