Microsoft has released a need-out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new recently public security vulnerabilities.
Detected as CVE-2020-1530 and CVE-2020-1537, both have flaws in the Remote Access Service (RAS) in a way that manages memory and file actions and could allow attackers to remotely increase privileges after successful exploitation.
In short, the remote operating system functionality of Windows allows remote clients to connect to the server and access internal resources from anywhere via the Internet.
A patch for both vulnerabilities was first released on August 11 with the batch of August Patch Tuesday updates, but it was for Windows 10, Windows 7, and Windows Server 2008, 2012, 2016, 2019, and Windows Server versions 1903, 1909, and 2004 systems.
One week later, yesterday, on August 19, the company announced that Windows 8.1 and Windows Server 2012 R2 systems are vulnerable to both private escalation vulnerabilities and unrelated cartridges.
With a CVSS score of 7.8 out of 10 and ‘important’ in all seriousness, it is highly recommended for Windows users and sysadmins to install available security patches as soon as possible to protect their servers from possible widespread attacks.
Affected users with Windows 8.1, Windows RT 8.1, or Windows Server 2012 R2 can also download and install the standalone packages (KB4578013) from the Microsoft Update Catalog Web site.
In addition to these two bugs, Patch Tuesday’s recent updates on Tuesday addressed a total of 120 newly discovered software vulnerabilities, 17 of which have been critically reviewed, and 2 of which are being exploited in the wild.
Interestingly, as mentioned in our previous report, if you left unpatch, your Windows computer could be hacked, even if you:
- Play a video file,
- Listen to audio,
- Web browser,
- Edit in HTML page,
- Read in PDF,
- Receive an email,
- and many other activities that seek innocence.
.
