Microsoft Releases an Out of Band Update for Windows 8.1 and Windows Server 2012 R2 to Fix Security Issues

Aug 19, 2020
Submit

Microsoft has released an out of band security update today for Windows 8.1 and Windows Server 2012 R2, addressing two elevation of privilege vulnerabilities. Both can be exploited remotely, pushing the Windows maker to deliver KB4578013.

Tracked as CVE-2020-1530 and CVE-2020-1537, Microsoft said that the bugs were fixed in all the supported operating systems through the August 11 monthly cumulative updates. Today's note reads:

Out-of-Band “Required Security Update” Released for Several Windows 10 Versions Fixing IE and Printing Issues

Take action: August 19, 2020: Windows 8.1 and Windows Server 2012 R2 out of band security update available

An out of band security update has been released for Windows 8.1 and Windows Server 2012 R2. This update addresses two Windows Remote Access Elevation of Privilege vulnerabilities. We recommend that you install these updates promptly. For information about the update, see KB4578013. For more information about these vulnerabilities, see CVE-2020-1530 and CVE-2020-1537.

Out of band Windows update fixes two security vulnerabilities

CVE-2020-1530 is a "Windows Remote Access Elevation of Privilege Vulnerability" that exists when Windows Remote Access improperly handles memory. An attacker would first need to gain execution on the victim system and then run a specially crafted application to elevate privileges.

"The security update addresses the vulnerability by correcting how Windows Remote Access handles memory," Microsoft writes.

The second vulnerability, tracked as CVE-2020-1537, is an elevation of privilege flaw that exists when the Windows Remote Access improperly handles file operations. "An attacker who successfully exploited this vulnerability could gain elevated privileges," the company explains.

To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.

The security update addresses the vulnerability by ensuring the Windows Remote Access properly handles file operations.

For more details on KB4578013 for Windows 8.1 and Windows Server 2012 R2, head over to the official support document.

- Earlier: Microsoft Says You Won’t Be Able to Uninstall Its New Edge Browser | Workaround

Submit