Hello everyone,
On August 19, Microsoft released an emergency out-of-band update for two privilege escalation vulnerabilities disclosed in Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems.
The vulnerabilities are tracked as CVE-2020-1530 and CVE-2020-1537. Both exist in the Windows Remote Access Service (RAS) and, when exploited, grant elevated privileges to remote attackers.
A patch for both vulnerabilities for Windows 10, Windows 7, and Windows Server 2008, 2012, 2016, 2019, and Windows Server versions 1903, 1909, and 2004 systems was released last Patch Tuesday.
A week later, Windows 8.1 and Windows Server 2012 R2 were also found to be affected by these vulnerabilities. Because they carry a CVSS score of 7.8, it is highly recommended to patch them as soon as possible to protect servers against potential attacks.
To patch these vulnerabilities using Patch Manager Plus, initiate a sync between the Central Patch Repository and the Patch Manager Plus server. Then search for the following Patch IDs or the Bulletin ID and install the patches on your Windows 8.1 and Windows Server 2012 R2 machines.
| Patch ID | Bulletin ID | Patch Description |
|---|---|---|
| 29699 | MS20-AUG16 | Security Update for Windows Server 2012 R2 for x64-based Systems (KB4578013) |
| 29698 | MS20-AUG16 | Security Update for Windows 8.1 for x64-based Systems (KB4578013) |
| 29700 | MS20-AUG16 | Security Update for Windows 8.1 for x86-based Systems (KB4578013) |
Cheers,
The ManageEngine Team
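
To confirm after deployment that KB4578013 actually landed on the affected machines, a check like the following can be run from an admin workstation. This is an added example, not part of the original post or of Patch Manager Plus; the `$Computers` default and the status labels are assumptions made for illustration.

```powershell
# Added example: report whether KB4578013 is installed on Windows 8.1 /
# Server 2012 R2 hosts. $Computers is a placeholder; pass your own inventory.
param(
    [string[]]$Computers = @($env:COMPUTERNAME),
    [string]$KbId = 'KB4578013'
)

$results = foreach ($c in $Computers) {
    # Query the local machine directly so WinRM is not required for it.
    $target = @{}
    if ($c -ne $env:COMPUTERNAME) { $target.ComputerName = $c }

    try {
        $os = Get-CimInstance -ClassName Win32_OperatingSystem @target -ErrorAction Stop

        # NT version 6.3 is shared by Windows 8.1 and Windows Server 2012 R2,
        # the systems this out-of-band update applies to.
        $inScope = $os.Version -like '6.3.*'

        $hotfix = $null
        if ($inScope) {
            # Get-HotFix raises a non-terminating error when the KB is absent.
            $hotfix = Get-HotFix -Id $KbId @target -ErrorAction SilentlyContinue
        }

        $status = if (-not $inScope) { 'NotApplicable' }
                  elseif ($hotfix)   { 'Installed' }
                  else               { 'Missing' }

        [pscustomobject]@{
            Computer    = $c
            OS          = $os.Caption
            Status      = $status
            InstalledOn = $hotfix.InstalledOn
        }
    }
    catch {
        # Host offline, access denied, or remote management not enabled.
        [pscustomobject]@{
            Computer    = $c
            OS          = $null
            Status      = 'Unreachable'
            InstalledOn = $null
        }
    }
}

$results | Sort-Object Status, Computer | Format-Table -AutoSize
```

A `Missing` result means only that this specific KB is not listed on the host; cross-check it against the patch status reported by your patch management tool before treating the machine as unpatched.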