Microsoft releases emergency update to fix two serious Windows flaws ( CVE-2020-1425 / CVE-2020-1457 )

Question

Microsoft releases emergency update to fix two serious Windows flaws

https://www.welivesecurity.com/2020/07/01/microsoft-releases-emergency-update-two-serious-windows-flaws/

I do understand it is only customers who have installed the optional HEVC or “HEVC from Device Manufacturer” media codecs from Microsoft Store may be vulnerable.

So but if we need to force the update on users machines remotely (from SCCM ,PowerShell script ) how we can do that for this software’s ?

In windows store setting suppose user selected the option to turn off automatic update ,then how we can proceed ?

Is there any way we can force it via script or do we have offline package or installer for the same ?

How we can check , how many users installed this software , Do we have any SQL query for that ?

solved 0
Ketan Kamble 2020-07-03T18:56:12+05:30 7 Answers 175 views Beginner
0

Answers ( 7 )

  2. Ketan Kamble
    0
    2020-07-06T05:10:28+05:30
    Reply

    Hi Anoop ,

    Sorry to bother you but ,I am still waiting foe your answer

  4. Ketan Kamble
    0
    2020-07-05T06:25:01+05:30
    Reply

    Manual update is working

    Can you please tell me how we can trigger updation of microsoft store software on remote machine from sccm

  6. Anoop C Nair
    0
    2020-07-05T04:43:01+05:30
    Reply

    You should have tried manually update on a machine if that works .. then we can have several methods to update the latest version

    Best answer
  8. Ketan Kamble
    0
    2020-07-04T08:51:20+05:30
    Reply

    Yes i checked that , but if any customer selected the option do not install update in store then it is difficult to update

  10. Ketan Kamble
    1
    2020-07-04T07:15:03+05:30
    Reply

    I managed to create one query which will show how many machines are not having the latest version of software

    select sms.name0, sms.User_Name0, gsapp.ApplicationName0, gsapp.Version0,
    case when parsename(gsapp.Version0,2) < '31822' then 'NONCOMPLIANT'
    else 'COMPLIANT' end as status
    from v_r_system sms
    join v_GS_WINDOWS8_APPLICATION gsapp on gsapp.ResourceID=sms.ResourceID
    where gsapp.ApplicationName0 like '%Microsoft.HEVCVideoExtension%'

    But now the question remains to keep the environment secure how we can force the upgrade

    Can we use CIM method to force the Store to update ( Get-CimInstance ) ?

    Microsoft is not at all providing more information about this in any blog . Ideally they need to remove old version and force the installation of latest version

  12. Jitesh Kumar
    1
    2020-07-04T06:52:21+05:30
    Reply

    Hello Ketan, As of now this update can’t be downloaded and applied manually or via PowerShell.

    These updates are for optional apps/components that are offered to customers as a download via the Microsoft Store.

    Check this TechNet thread to understand more about this.

    + https://social.technet.microsoft.com/Forums/en-US/9604e252-bcfa-4230-9bcf-e1b5515f72c7/the-new-updates-today-cve20201425-and-cve20201457-say-they-will-update-through-windows-store?forum=win10itprosecurity

Leave an answer

Sorry, you do not have permission to answer to this question .