Out of band update released for some users today

Aug 20, 2020 12:11 GMT

Microsoft has released an out of band update for Windows users, and it is available right now from the Microsoft Update Catalog.

KB4578013 is an out-of-band update aimed specifically at Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2, and it resolves two different security vulnerabilities discovered in these operating systems.

Windows 10 devices are not affected by these flaws, so if you’re running the most recent Windows version with up-to-date patches, you should be perfectly secure.

The two vulnerabilities that this update is aimed at are both elevation of privilege bugs, as follows:

First of all, let’s see what CVE-2020-1530 is all about. Microsoft explains that the flaw, which wasn’t publicly disclosed and isn’t currently being exploited in the wild, can be triggered when Windows Remote Access improperly handles memory, and this is exactly what the patch addresses: it corrects how Windows Remote Access handles memory so that the flaw can’t be exploited.

Microsoft says an attacker who manages to take advantage of the bug could gain elevated rights on the device.

“To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges,” the company explains.

What’s important to know is that this vulnerability also exists in other Windows versions, including Windows 10, but there it has already been corrected by the cumulative updates the company published as part of this month’s Patch Tuesday cycle.

In other words, just make sure that your device is fully patched to avoid any potential exploit.

Windows 7 is also vulnerable, Microsoft has confirmed, but as we know already, this OS version has no longer been getting any security patches since January this year. This means the bug will simply remain unpatched unless your device has been configured to receive extended security updates, which are available for a fee from Microsoft.

The second vulnerability, which is documented in CVE-2020-1537, is an elevation of privilege flaw that stems from how Windows Remote Access handles file operations.

“To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application,” Microsoft says.

Once again, the company explains that the bug hasn’t been publicly disclosed, and it’s not currently being exploited by malicious actors. This is the good news.

The bad news is that all the other Windows versions are exposed too, and once again, these have already received patches as part of this month’s Update Tuesday on August 11. This shows just how important it is for your device to be fully up to date, so even if you’re on Windows 10, it’s time to install the latest updates to make sure the computer is protected.

Once again, Windows 7 is one of the Windows operating systems that are vulnerable to attacks, but given that no security updates are now released for this OS version, only devices enrolled in Microsoft’s ESU program are patched.

As far as Windows 8.1 users are concerned, they are advised to install the new update as soon as possible, even though the vulnerabilities are not being exploited in the wild right now. But given that more details have surfaced lately, unpatched devices are now exposed to more risks, so keeping all PCs in the fleet up to date is the best way to go right now.