Microsoft Fixes Windows Remote Access Flaws
Microsoft has released a security update that fixes two high-severity elevation-of-privilege bugs. Both flaws exist in Windows Remote Access, which gives remote-access to client applications on computers running Windows. Microsoft patched 120 vulnerabilities in all. The update fixes two flaws in Windows 10, Windows Server 2012, 2016. Users are urged to update their systems.
The first vulnerability, CVE-2020-1530, is from Windows Remote Access which improperly handles memory. To exploit this vulnerability, a hacker would need to execute code on a target system. A hacker could then run a malicious application to elevate privileges. Exploiting the bug is difficult since a hacker needs to be able to execute code to launch the attack. The security update fixes the vulnerability by correcting how Windows Remote Access handles memory.
The second flaw, CVE-2020-1537, stems from the Windows Remote Access service improperly handling file operations. To exploit the vulnerability, hackers would need to execute code on the target system. A hacker who successfully exploits this flaw could gain elevated privileges. The security update addresses the vulnerability by ensuring the Windows Remote Access properly handles file operations.
The fixes come a week after Microsoft issued patches for two flaws under active attack as part of its Patch Tuesday updates. In the push to work remotely, it is important to keep all your systems up to date as businesses face new risks. It is essential to keep your security software up to date and to have several backups to prevent data loss.