Skip to main content

Urgent Windows 10 update plugs newfound security holes

Microsoft rolls out emergency Windows 10 security fix
Microsoft Windows 10 updates (Image credit: SOPA Images / Contributor)

Windows 10 users are now receiving an out-of-band emergency software security update. As Forbes reports, Microsoft confirms the update is necessary to address a security flaw.

According to Microsoft's published security update notes on June 30, two vulnerabilities were discovered by Trend Micro's Zero Day Initiative vulnerability analysis manager, Abdul-Aziz Hariri.

The discovery arrives days ahead of Microsoft's monthly Patch Tuesday update. Microsoft's decision to not wait for the next scheduled security update indicates just how consequential the vulnerabilities are. 

Windows 10 users are now receiving an out-of-band emergency software security update. As Forbes reports, Microsoft confirms the update is necessary to address a security flaw.

According to Microsoft's published security update notes on June 30, two vulnerabilities were discovered by Trend Micro's Zero Day Initiative vulnerability analysis manager, Abdul-Aziz Hariri.

The discovery arrives days ahead of Microsoft's monthly Patch Tuesday update. Microsoft's decision to not wait for the next scheduled security update indicates just how consequential the vulnerabilities are. 

This discovery arrives days ahead of Microsoft's monthly Patch Tuesday update. Microsoft's decision to not wait for the next scheduled security update indicates just how consequential the vulnerabilities are.

If left open, the security flaws within the Windows Codecs Library could result in a breach in Windows 10 or the Windows Server system. "A remoted code execution vulnerability exists in the way that Microsoft Windows Codecs Library handles objects in memory," Microsoft wrote.

Attackers would be able to exploit said vulnerabilities using a maliciously crafted image file.

Windows 10 users fear not. Microsoft's emergency security update will be installed automatically via the Microsoft Store. "Customers do not need to take any action to receive the update," Microsoft said.

You can manually check for the Windows update by opening the Microsoft Store from your taskbar or from the search box. Launch the app and select "Downloads and updates" from the drop down menu and select "Get updates".

Microsoft's notes state that only users who installed the optional HEVC or "HEVC from Device Manufacturer '' media codecs from Microsoft Store may be vulnerable.

The tech giant is no stranger to rolling out emergency security patches. Last year, Microsoft released an emergency Windows patch to fix a serious flaw in its now replaced Internet Explorer browser.