In order to fill important flaws in Windows 8.1, RT 8.1 and Server 2012 R2, Microsoft has just released an emergency patch, apart from its traditional Patch Tuesday. Referenced under the numbers CVE-2020-1530 and CVE-2020-1537, these vulnerabilities allow exploitation of the way in which the Remote Access Service (RAS) manages memory and files to achieve elevation of privilege .
To get there, the hacker must already have a foot in the door and have successfully infected the first system. Microsoft nevertheless felt that these flaws were significant enough to justify an emergency publication.
Windows 10 and Windows 7 were also vulnerable to these vulnerabilities, but the system may have been patched on a regular basis during Patch Tuesday last week. This had also made it possible to plug no less than 120 security breaches, 17 of which were classified as critical. Two of them were also actively exploited by hackers.
Source : Hacker News