Windows is the most widely used operating system in the world. At the same time, it is the system most targeted by attackers. For these two reasons, Microsoft has to work hard to keep anyone from exploiting its vulnerabilities. One doesn't need to think hard to find malware that exploited such vulnerabilities on a global scale. A good example is WannaCry.
One of the latest vulnerabilities found in Windows involved the Windows Codec Library. It was found by a security researcher who is part of Trend Micro's Zero Day Initiative. But before you can understand the vulnerability, we need to look at what the Windows Codec Library is.
The Windows Codec Library
Codec is jargon, short for encoder-decoder. Mostly used for images and video, it converts the media into a digital format for the system to read. The co- (encoding) part takes the data inside a picture (rows, columns, colour pixels, and so on) and converts it into a file format like JPEG or PNG for downloading and streaming. The -dec (decoding) part is the reverse: the file is read and decompressed for viewing (most files are compressed while being sent).
While encoding and decoding is the only way to show images and other media, it comes with its own set of security problems, since there is no way for the decoder to verify that the encoding is safe and carries no malicious data. The decoder can't blindly assume that all encoded input is to be trusted, because the encoding process for an external file isn't under the decoder's control. If the decoder trusts a malicious encoding in which the declared data isn't in sync with the data that actually follows, a buffer overflow is triggered, which can lead to the malicious code inside the file being executed. Hence the decoder should be able to detect the mismatch, which isn't as easy as it sounds.
A decoder can be used inside an application only if it can properly detect mismatches. This is difficult to ensure because image and audio files can be encoded with hundreds of different algorithms, and on top of that there are hundreds of different standards for packing them together in a file for transmission. Ensuring that there are no buffer overflows by detecting mismatches across all these algorithms and standards is difficult. This is where the Windows Codec Library comes into the picture. Offering support for a huge number of media formats, it has become one of the standard codec tools used around the world.
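The mismatch check described above, shown for a small run-length image format constructed for this example (an added illustration, not code from the Windows Codec Library or the original article). The format itself, `timg_decode`, `timg_status` and the `MAX_PIXELS` limit are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Constructed toy format (not a real codec): "TIMG", width u16 LE, height u16 LE,
   then run-length pairs (count, value) that must expand to exactly width*height bytes. */
enum { DEC_OK = 0, DEC_BAD_HEADER = -1, DEC_TOO_LARGE = -2, DEC_MISMATCH = -3, DEC_NOMEM = -4 };
#define MAX_PIXELS (1u << 20)   /* assumed policy limit for this example */

int timg_decode(const uint8_t *in, size_t in_len, uint8_t **out, size_t *out_len)
{
    *out = NULL; *out_len = 0;
    if (in_len < 8 || memcmp(in, "TIMG", 4) != 0)
        return DEC_BAD_HEADER;

    /* Header fields come from the untrusted file: widen before multiplying, then cap. */
    uint32_t w = in[4] | (uint32_t)in[5] << 8;
    uint32_t h = in[6] | (uint32_t)in[7] << 8;
    uint64_t total = (uint64_t)w * h;
    if (total == 0 || total > MAX_PIXELS)
        return DEC_TOO_LARGE;

    uint8_t *buf = malloc((size_t)total);
    if (!buf) return DEC_NOMEM;

    size_t pos = 0;                       /* bytes written so far */
    for (size_t i = 8; i < in_len; i += 2) {
        if (in_len - i < 2) { free(buf); return DEC_MISMATCH; }  /* dangling half pair */
        size_t run = in[i];
        /* The check an unsafe decoder omits: each run must fit in what the header promised. */
        if (run == 0 || run > total - pos) { free(buf); return DEC_MISMATCH; }
        memset(buf + pos, in[i + 1], run);
        pos += run;
    }
    if (pos != total) { free(buf); return DEC_MISMATCH; }  /* payload shorter than declared */

    *out = buf; *out_len = pos;
    return DEC_OK;
}

/* Convenience wrapper: decode, discard the pixels, return only the status code. */
int timg_status(const uint8_t *in, size_t n)
{
    uint8_t *px; size_t len;
    int rc = timg_decode(in, n, &px, &len);
    free(px);
    return rc;
}
```

On success the caller owns the returned buffer and must `free` it; every rejection path releases the buffer before returning.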
Yes, relying on the same codec library for all operations can become chaotic if that library has a vulnerability, because there is nothing else to turn to and all operations can be targeted. At the same time, when a bug does come up, it can be fixed for everyone in one go.
The vulnerability was discovered on 2nd July 2020. It wasn't a single vulnerability, but a twin vulnerability. Both of them had a severity score of 7. The vulnerabilities, named CVE-2020-1425 and CVE-2020-1427, existed because of how the library handled objects in memory. Exploiting CVE-2020-1425 allowed a hacker to compromise the user's system. Exploiting CVE-2020-1425 allowed an attacker to execute arbitrary code.
Both these vulnerabilities were fixed by processing a specially crafted file. This security update was released through the Microsoft Store because the Windows Codec Library is part of apps that are installed onto the system. Since these aren't part of the built-in functions of the Windows operating system, the fix wasn't pushed through an overall system software update.
A similar vulnerability was found in 2005 in Windows systems like Windows XP and Windows System 2003 that ran the NT-based version of Windows. Earlier known as the GDI (Graphics Device Interface), this attack vector targeted the system that transmitted graphical objects to output devices like monitors and printers.
Risks of Staying Outdated
Keeping your system software and other applications on older versions is always a risk. Such vulnerabilities can be exploited on your system if you haven't installed the latest version. One of the best ways to keep yourself safe from cyber-attacks is to make sure the software on your system is always running the latest version. This takes very little effort: just turn auto-updates on and restart when the system asks you to.