Windows 10 flaw: Opening a large image allows hackers to take over

July 5, 2020

By Kim Komando

Microsoft’s slew of update-related bugs may be annoying, but we have to give the company credit for quickly issuing fixes for major issues like security flaws — which are far more dangerous and urgent.

Usually, when a bug is discovered by independent researchers, a report is sent to Microsoft for the company to analyze. Then, they release a patch that can be easily downloaded. This usually happens in a matter of days or weeks at most, which helps prevent the issues from being exploited. Tap or click here to see why the NSA urged people to update Windows.

And this week, a dangerous new flaw has been found in Windows 10 that allows hackers to infiltrate your PC using corrupt media files. If you make the mistake of opening one, your computer is in for a world of hurt. Here’s how you can stop the glitch and protect your PC.

Big graphics, bigger glitches

According to a new threat report, Microsoft has released an urgent security update that addresses two critical vulnerabilities in Windows 10 and Windows Server 2019. These bugs are classified as remote-code vulnerabilities, which means hackers can use the exploits to activate malware remotely and compromise your PC.

Here’s how the vulnerabilities work: Due to a bug in Windows Codec Library, which is responsible for compressing large media files, a specially-crafted image or video could allow hackers to inject malicious code remotely. Because the execution comes from corrupted files, attacks could easily come in the form of email attachments and downloads.

Thankfully, Microsoft got to work quickly and released a security patch to address the two exploits. Just like usual, the patch can be downloaded via Windows Update & Security and is available to Windows 10 users now.

To download the patch, click your Start Menu, open the Settings app by clicking the gear icon, and scroll down to Update & Security. If the patch is available for you to download, click Download, and follow the on-screen directions to complete the installation. If you don’t see Download as an option, your computer likely updated itself automatically.

Currently, we haven’t heard any reports of the exploit being used for attacks in the wild, but that doesn’t mean you should give hackers a chance. Updating sooner, rather than later, is key to keeping your computer secure.

More bugs: Don’t sweat those Windows Defender popups

This one isn’t an urgent security issue, but it’s worth mentioning while we talk about new threats facing Windows 10. According to people on Microsoft’s support forum, a number of computers are displaying Windows Defender popups for security threats that have already been removed by the app.

This was cause for concern initially, as it gave the impression that the app was failing to remove harmful malware. But after some digging, the issue was found to be nothing more than a bug. Apparently, Defender is reporting threats from its scan history on accident in addition to detecting new ones.

Forum-goers assume the issue is related to the May 2020 security update, which has unfortunately featured a host of other annoying bugs. Tap or click here to see what’s going wrong with the highly anticipated May 2020 update.

Fortunately, there is no real danger or security issue caused by this bug, and some have even managed to figure out a workaround. But keep in mind: It doesn’t appear to fix the issue for everyone, so your mileage may vary.

• Open the Settings menu in Windows Defender and navigate to Virus & Threat Protection Settings.
• Click Manage settings.
• Scroll down to Exclusions and click Add or remove exclusions.
• Click Add an exclusion. Choose Folder, then navigate through the Explorer window that opens as follows: C:>Program Data>Microsoft>Windows Defender>Scans>History.
• Click History, then click Select Folder. Windows Defender will now no longer scan its own Scan/History.
• Reboot Windows 10 to complete the process.

Microsoft will likely offer an official fix in the next major Windows 10 update. In the meantime, why not continue to protect your system with other top-rated security apps that can scan for viruses, check your internet connection and more. Tap or click here to see our favorite online security programs.