In a security notice, Microsoft alerted customers to "out-of-band" emergency updates for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2, released as KB4578013. As the notice explains, two major vulnerabilities prompted the emergency update. Both allow malicious actors to execute code remotely and wreak havoc on the target system. Microsoft usually ships fixes in its monthly Patch Tuesday releases, but these flaws were deemed serious enough to warrant an emergency release.
The first patched vulnerability, CVE-2020-1530, occurs "when Windows Remote Access improperly handles memory." It allows a threat actor to escalate privileges by executing specially crafted code. Microsoft lists no mitigations and no known workarounds. The vulnerability was uncovered by Symeon Paraschoudis of Pen Test Partners.
The second patched vulnerability, CVE-2020-1537, is caused by Windows Remote Access mishandling file operations. According to the advisory, to exploit the vulnerability "an attacker would first need code execution on a victim system." From there, "an attacker could then run a specially crafted application" that grants increased access to the targeted machine. As with the previous vulnerability, there are no mitigations and no known workarounds at this time. The vulnerability was disclosed by an anonymous researcher.
According to Microsoft, the KB4578013 update does not require a device restart for the patches' protection to take full effect. To install these Windows emergency updates, go to the Microsoft Update Catalog page. There you will find three standalone updates: two for Windows 8.1 and one for Windows Server 2012 R2.
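Because the Update Catalog packages are standalone (not part of a cumulative rollup), their presence can be verified directly. The following PowerShell check is an added example, not part of the original article or of Microsoft's notice; the computer names are placeholders, and it assumes WinRM/WMI access to the remote hosts.

```powershell
# Added example: report whether KB4578013 is present on Windows 8.1 / Server 2012 R2 hosts.
# $Computers is a placeholder list; replace it with your own inventory.
$Computers = @('localhost')
$Kb = 'KB4578013'

foreach ($Computer in $Computers) {
    try {
        $os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $Computer -ErrorAction Stop

        # Windows 8.1, RT 8.1 and Server 2012 R2 all report kernel version 6.3.x;
        # other versions are not covered by this update.
        $affected = $os.Version -like '6.3.*'

        # Get-HotFix writes a non-terminating error when the KB is absent, so silence it
        # and treat "no object returned" as "not installed".
        $hotfix    = Get-HotFix -Id $Kb -ComputerName $Computer -ErrorAction SilentlyContinue
        $installed = $null -ne $hotfix

        if (-not $affected)  { $status = 'Not applicable' }
        elseif ($installed)  { $status = "Patched ($($hotfix.InstalledOn))" }
        else                 { $status = "MISSING - install $Kb" }

        [pscustomobject]@{
            Computer  = $Computer
            OS        = $os.Caption
            Version   = $os.Version
            KBPresent = $installed
            Status    = $status
        }
    }
    catch {
        # Unreachable or access denied: surface the error instead of silently skipping the host.
        [pscustomobject]@{
            Computer  = $Computer
            OS        = 'unreachable'
            Version   = $null
            KBPresent = $null
            Status    = $_.Exception.Message
        }
    }
}
```

Pipe the output to `Where-Object Status -like 'MISSING*'` to get the list of hosts that still need the update.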
Now that Microsoft has described these vulnerabilities in detail, expect an uptick in attackers attempting to use them. Anyone running an affected system should install these Windows emergency updates as soon as possible. The last thing you need is a threat actor gaining admin access to your machine and a preventable situation getting out of hand.
Featured image: Shutterstock / TechGenix photo illustration