Microsoft issued an out-of-band software update for Windows 8.1 and Windows Server 2012 R2 systems to patch two security vulnerabilities, tracked as CVE-2020-1530 and CVE-2020-1537, which reside in the memory and file management of the Remote Access Service (RAS).
The Remote Access Service (RAS) provides remote access capabilities to applications on systems running Microsoft Windows, letting them connect to a server and access internal resources via the Internet.
The patches for both vulnerabilities were released on August 11 alongside the rest of the Patch Tuesday updates; that release covered Windows 7, Windows 10, Windows Server 2008/2012/2016/2019, and Windows Server versions 1903/1909/2004.
How the Remote Access Elevation of Privilege Vulnerability Affects Windows Systems
The Remote Access Elevation of Privilege Vulnerability exists when Windows Remote Access improperly handles memory. An attacker could exploit the flaw by running a maliciously crafted application to elevate privileges, but must first gain execution on the victim system.
Microsoft promptly issued a security update that addresses the vulnerability by correcting how Windows Remote Access handles memory.
The vulnerability has a CVSS score of 7.8 out of 10 and is rated 'important' in severity. Windows users are strongly advised to install the newly released security patches as soon as possible to protect their systems from potential attacks.
How to Mitigate against the Remote Access Elevation of Privilege Vulnerability
Microsoft has also made standalone packages (KB4578013) available for affected users on Windows 8.1, Windows RT 8.1, or Windows Server 2012 R2 to download and install from the Microsoft Update Catalog.
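To confirm the standalone package has actually landed on in-scope machines, the following added example (not Microsoft's code) checks each host's OS version and looks for KB4578013 in the installed-update list. The function name Get-RasOobPatchStatus and the status labels are hypothetical; remote hosts are assumed to be reachable over WinRM.

```powershell
# Added example: audit hosts for the out-of-band update named in the article.
# Get-RasOobPatchStatus is a hypothetical helper name, not a Microsoft cmdlet.
function Get-RasOobPatchStatus {
    [CmdletBinding()]
    param(
        [string[]]$ComputerName = @($env:COMPUTERNAME),

        # Restrict the value so it is safe to place inside the WQL filter below.
        [ValidatePattern('^KB\d+$')]
        [string]$KbId = 'KB4578013'
    )

    foreach ($computer in $ComputerName) {
        # Query the local machine directly; only remote hosts need WinRM.
        $target = @{}
        if ($computer -ne $env:COMPUTERNAME) { $target.ComputerName = $computer }

        try {
            $os = Get-CimInstance @target -ClassName Win32_OperatingSystem -ErrorAction Stop

            # Windows 8.1, Windows RT 8.1 and Server 2012 R2 all report version 6.3.x.
            $inScope = $os.Version -like '6.3.*'

            $fix = Get-CimInstance @target -ClassName Win32_QuickFixEngineering `
                       -Filter "HotFixID='$KbId'" -ErrorAction Stop

            $status = if (-not $inScope) { 'NotApplicable' }
                      elseif ($fix)      { 'Installed' }
                      else               { 'Missing' }

            [pscustomobject]@{
                Computer    = $computer
                OS          = $os.Caption
                Version     = $os.Version
                Kb          = $KbId
                Status      = $status
                InstalledOn = $fix.InstalledOn
            }
        }
        catch {
            # Unreachable or access-denied hosts are reported, not silently skipped.
            [pscustomobject]@{
                Computer = $computer; OS = $null; Version = $null
                Kb = $KbId; Status = "QueryFailed: $($_.Exception.Message)"; InstalledOn = $null
            }
        }
    }
}

Get-RasOobPatchStatus | Format-Table -AutoSize
```

The result only reports whether this specific KB is recorded on the host; it does not test the RAS component itself.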
The Patch Tuesday updates also addressed about 120 other newly discovered software vulnerabilities, 17 of which were rated as critical and 2 of which were being actively exploited in the wild.