Rewterz Threat Advisory – Security Updates for Windows 8.1 and Server 2012 R2

Severity

High

Analysis Summary

Microsoft has issued an emergency out-of-band software update for Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2 systems to patch two new recently disclosed security vulnerabilities.
Tracked as CVE-2020-1530 and CVE-2020-1537, both flaws reside in the Remote Access Service (RAS) in a way it manages memory and file operations and could let remote attackers gain elevated privileges after successful exploitation.
In brief, the Remote Access Service functionality of the Windows operating system allows remote clients to connect to the server and access internal resources from anywhere via the Internet.

A patch for both vulnerabilities was first released on August 11 with the batch of August Patch Tuesday updates, but it was for Windows 10, Windows 7, and Windows Server 2008, 2012, 2016, 2019, and Windows Server versions 1903, 1909, and 2004 systems.

Impact

• Unauthorized Remote Access
• Privilege Escalation 

Affected Vendors

Microsoft

Affected Products

• Windows 8.1
• Windows RT 8.1
• Windows Server 2012 R2

Remediation

• It is highly recommended for Windows users and sysadmins to install newly available security patches as soon as possible to protect their servers against potential widespread attacks.
• Affected users running Windows 8.1, Windows RT 8.1, or Windows Server 2012 R2 can also download and install the standalone packages (KB4578013) from the Microsoft Update Catalog website.