Microsoft has released an urgent patch for Windows, designed to fix multiple privilege escalation flaws found in the Windows Remote Access service.
"An out of band security update has been released for Windows 8.1 and Windows Server 2012 R2. We recommend that you install these updates promptly," wrote the firm, in a recently published security notice.
According to a Bleeping Computer report, the security patch remedies two Windows Remote Access elevation of privilege vulnerabilities found in all supported versions of Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2. The vulnerabilities are tracked as CVE-2020-1530 and CVE-2020-1537.
As severe as these flaws may be, they still require the attacker to gain code execution privileges on the target device before they can be exploited.
The new patch fixes the issue by altering how Windows Remote Access manages memory and file operations.
"Customers running other versions of Microsoft Windows or Windows Server do not need to take any action. These vulnerabilities were already addressed for all other supported OSs in the August 11, 2020 release," Microsoft added.
The patch can be found in the Microsoft Update Catalog website and no restart is necessary after installing the patch.