Microsoft has released an out of band security update today for Windows 8.1 and Windows Server 2012 R2, addressing two elevation of privilege vulnerabilities. Both can be exploited remotely, pushing the Windows maker to deliver KB4578013.
Tracked as CVE-2020-1530 and CVE-2020-1537, Microsoft said that the bugs were fixed in all the supported operating systems through the August 11 monthly cumulative updates. Today's note reads:
Take action: August 19, 2020: Windows 8.1 and Windows Server 2012 R2 out of band security update available
An out of band security update has been released for Windows 8.1 and Windows Server 2012 R2. This update addresses two Windows Remote Access Elevation of Privilege vulnerabilities. We recommend that you install these updates promptly. For information about the update, see KB4578013. For more information about these vulnerabilities, see CVE-2020-1530 and CVE-2020-1537.
Out of band Windows update fixes two security vulnerabilities
CVE-2020-1530 is a "Windows Remote Access Elevation of Privilege Vulnerability" that exists when Windows Remote Access improperly handles memory. An attacker would first need to gain execution on the victim system and then run a specially crafted application to elevate privileges.
"The security update addresses the vulnerability by correcting how Windows Remote Access handles memory," Microsoft writes.
The second vulnerability, tracked as CVE-2020-1537, is an elevation of privilege flaw that exists when the Windows Remote Access improperly handles file operations. "An attacker who successfully exploited this vulnerability could gain elevated privileges," the company explains.
To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.
The security update addresses the vulnerability by ensuring the Windows Remote Access properly handles file operations.
For more details on KB4578013 for Windows 8.1 and Windows Server 2012 R2, head over to the official support document.