Microsoft is rolling out an emergency Windows security update that plugs a vulnerability affecting various versions of the platform. Specifically, the patch handles privilege escalation bugs that have been found in the Windows Remote Access tool.
Usually, Microsoft handles security patches with its month Patch Tuesday rollouts. However, if a flaw is problematic enough, the company will break out of this cycle to issue out of band emergency updates.
With August Patch Tuesday been and gone, this latest patch is one of those out of band releases:
“An out of band security update has been released for Windows 8.1 and Windows Server 2012 R2,” Microsoft notes. “We recommend that you install these updates promptly.”
With the KB4578013 security update, Microsoft is addressing two issues, CVE-2020-1530 and CVE-2020-1537. Both are remote access elevation of privilege flaws found in Windows Remote Access. The company says they affect Windows Server 2012 R2, Windows 8.1, and Windows RT 8.1.
If exploited, the vulnerabilities would allow bad actors to gain elevated access to infected systems. This could be achieved by coding execution privileges on the victim PC. Microsoft is urging users of affected Windows versions to update as soon as possible.
For those on Windows 10 and other versions, the update is not necessary.
“Customers running other versions of Microsoft Windows or Windows Server do not need to take any action” Microsoft says. “These vulnerabilities were already addressed for all other supported OSs in the August 11, 2020 release.”
Users can install these out of band updates through Windows Update at the Microsoft Update Catalog website.
August Patch Tuesday
Earlier this month, Microsoft’s monthly Patch Tuesday fixed a longstanding Windows vulnerability known as GlueBall. Specifically, in the CVE-2020-1464 fix, Microsoft plugged a hole across Windows versions to solve improper handling of file signatures. GlueBall is a vulnerability that was first reported back in 2018.