Microsoft Issues Emergency Out Of Band Security Update For Windows 8.1 And Server 2012 R2
Microsoft released a security update for Windows 8.1 and Windows Server 2012 R2 that aims to patch two significant security vulnerabilities. These security vulnerabilities are known as CVE-2020-1530 and CVE-2020-1537, and both have to do with elevation of privileges in the operating systems. Both security issues can be exploited remotely and are addressed by the new out of band security update KB4578013.
With KB4578013, both of these security vulnerabilities have been fixed in all supported operating systems. The patch was delivered as part of the August 11 monthly cumulative updates. The threat caused by the security vulnerabilities in Windows 8.1 and Server 2012 R2 were significant and had to do with an improper way Windows Remote Access functioned.
To take advantage of the CVE-2020-1530 vulnerability, an attacker would need to execute software on a target computer and then run an application made specifically to elevate privileges. With the update, Microsoft says that the vulnerability and how Windows Remote Access handles memory has been patched. Vulnerability CVE-2020-1537 was an elevation of privilege flaw that had to do with the way Windows Remote Access improperly handles file operations.
CVE-2020-1537 would allow a successful attacker to gain elevated privileges by gaining code execution capability and running an application. Microsoft has a history of issues with Windows operating systems, both new and old. More recently, Microsoft issued what Google said was an incomplete Windows 10 privilege escalation exploit patch. The software giant also announced that users weren't allowed to uninstall it's latest browser, Edge, from their PCs. However, there is a workaround that allows the browser's removal for those needing to regain their storage space.