Microsoft has rushed to launch an update to its Windows desktop operating system. The emergency update addresses a flaw which could let cyber crooks take control of your PC behind your back. Breaking away from Microsoft’s monthly Patch Tuesday release, which includes fixes to the latest batch of flaws, vulnerabilities and bugs, the Redmond-based firm clearly decided this particular issue couldn’t afford to wait a few days.
The exception made for the latest patch underlines the urgency of this latest Windows download. Known as KB4578013, the security update brings with it fixes for two Windows Remote Access elevation of privilege vulnerabilities.
These flaws enable hackers to gain elevated privileges – allowing them the same privileges as the owner of the PC – after successfully exploiting the vulnerability. Once they’ve gained administrator privileges, the crooks are able to install software, edit or delete files and data, and create new accounts on your PC that you cannot access.
Microsoft has advised all affected customers to download the latest patch as soon as possible to protect themselves from the flaw.
Fortunately, those running Windows 10 aren’t affected by the flaw. However, the issue impacts all supported versions of Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2. Microsoft said the vulnerability was sparked by the way Windows Remote Access handles file operations and memory.
The Windows maker said: “To exploit [the bugs], an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application to escalate privileges.”
They added: “Customers running other versions of Microsoft Windows or Windows Server do not need to take any action. These vulnerabilities were already addressed for all other supported OSs in the August 11 2020 release.”
To download and install the packages for this Windows update you’ll have to head to the Microsoft Update Catalog website. Once you have installed the KB4578013 security update you won’t need to restart your device.
The news comes after last week Microsoft fixed 120 security vulnerabilities as part of the latest Patch Tuesday release. This fixed 17 issues classified as critical and 103 deemed important. The Patch Tuesday release for August also fixed two zero-day vulnerabilities that Microsoft said had actively been used in attacks.
One of these was a remote code execution vulnerability in Internet Explorer 11, while the other zero-day flaw allowed attackers to spoof signatures so they could “bypass security features intended to prevent improperly signed files from being loaded.”
Speaking about the former zero-day flaw, dubbed CVE-2020-1380, Microsoft said: “In a web-based attack scenario, an attacker could host a specially crafted website that is designed to exploit the vulnerability through Internet Explorer and then convince a user to view the website.
“An attacker could also embed an ActiveX control marked ‘safe for initialisation’ in an application or Microsoft Office document that hosts the IE rendering engine. The attacker could also take advantage of compromised websites and websites that accept or host user-provided content or advertisements.
“These websites could contain specially crafted content that could exploit the vulnerability.”