HomeWinBuzzer NewsMicrosoft Issues Emergency Windows Patch for Two Vulnerabilities

Microsoft Issues Emergency Windows Patch for Two Vulnerabilities

Microsoft has sent out an out of band update for some Windows versions to tackle vulnerabilities in Windows Remote Access.

-

is rolling out an emergency Windows security update that plugs a vulnerability affecting various versions of the platform. Specifically, the patch handles privilege escalation bugs that have been found in the Windows Remote Access tool.

Usually, Microsoft handles security patches with its month rollouts. However, if a flaw is problematic enough, the company will break out of this cycle to issue out of band emergency updates.

With August Patch Tuesday been and gone, this latest patch is one of those out of band releases:

“An out of band security update has been released for and 2012 R2,” Microsoft notes. “We recommend that you install these updates promptly.”

With the KB4578013 security update, Microsoft is addressing two issues, CVE-2020-1530 and CVE-2020-1537. Both are remote access elevation of privilege flaws found in Windows Remote Access. The company says they affect Windows Server 2012 R2, Windows 8.1, and Windows RT 8.1.

If exploited, the vulnerabilities would allow bad actors to gain elevated access to infected systems. This could be achieved by coding execution privileges on the victim PC. Microsoft is urging users of affected Windows versions to update as soon as possible.

For those on Windows 10 and other versions, the update is not necessary.

“Customers running other versions of or Windows Server do not need to take any action” Microsoft says. “These vulnerabilities were already addressed for all other supported OSs in the August 11, 2020 release.”

Users can install these out of band updates through at the Microsoft Update Catalog website.

August Patch Tuesday

Earlier this month, Microsoft's monthly Patch Tuesday fixed a longstanding Windows vulnerability known as GlueBall. Specifically, in the CVE-2020-1464 fix, Microsoft plugged a hole across Windows versions to solve improper handling of file signatures. GlueBall is a vulnerability that was first reported back in 2018.

SourceMicrosoft
Luke Jones
Luke Jones
Luke has been writing about all things tech for more than five years. He is following Microsoft closely to bring you the latest news about Windows, Office, Azure, Skype, HoloLens and all the rest of their products.

Recent News

Mastodon