CVE-2020-1530: Microsoft Releases Emergency Security Updates

Have you noticed an out-of-band security update on your Windows?

The patch is an emergency update which fixes privilege escalation vulnerabilities (CVE-2020-1530, CVE-2020-1537) that affect the Windows Remote Access service in Windows 8.1 and Windows Server 2012 R2 (KB4578013).

CVE-2020-1530, CVE-2020-1537

According to the official advisory, “this update resolves vulnerabilites in the Windows operating systems that are listed in the “Applies to” section”. The vulnerabilities in question are the following:

  • CVE-2020-1530 – An elevation of privilege vulnerability that is triggered when Windows Remote Access improperly handles memory.To exploit this vulnerability, an attacker would first have to gain execution on the targeted system.
  • CVE-2020-1537 – An elevation of privilege vulnerability that is triggered when the Windows Remote Access improperly handles file operations.

The good news is that these vulnerabilities were addressed for all other supported versions of Windows in the August 11 Patch Tuesday. This means that customers running other versions of Windows or Windows Server, except Windows 8.1 and Windows Server 2012 R2 , do not need to take any action, Microsoft says.

Earlier this month, Microsoft released its regular set of updates. One particular vulnerability stood out – CVE-2020-1464. Security researchers revealed that the flaw was actively expoited in malicious attacks for at least two years before Microsoft fixed it.

According to the official description provided by Microsoft, the issue is a spoofing vulnerabilities triggered by the incorrect way Windows validates file signatures. In case of a successful exploit, the attacker could bypass security features and load improperly signed files.

Milena Dimitrova

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Share on Twitter Tweet
Share on Google Plus Share
Share on Linkedin Share
Share on Digg Share
Share on Reddit Share
Share on Stumbleupon Share