Newsletter Archives

  • Microsoft Releases Out-of-Band Patch KB4578013 for Win8.1

    Microsoft has released KB4578013 for Win8.1 and Windows Server 2012 R2 on 8/18/2020. This Update covers CVE-2020-1530 and CVE-2020-1537 Windows Remote Access Elevation of Privilege Vulnerabilities.
    These vulnerabilities were covered for other versions of Windows in the August Patch Tuesday updates.

    KB4578013 is being offered as a checked Important update through Windows Update. It is also available for download from the MS Update Catalog.

    MITRE CVE-2020-1530

    An elevation of privilege vulnerability exists when Windows Remote Access improperly handles memory.

    To exploit this vulnerability, an attacker would first have to gain execution on the victim system. An attacker could then run a specially crafted application to elevate privileges.

    The security update addresses the vulnerability by correcting how Windows Remote Access handles memory.

    MITRE CVE-2020-1537

    An elevation of privilege vulnerability exists when the Windows Remote Access improperly handles file operations. An attacker who successfully exploited this vulnerability could gain elevated privileges.

    To exploit the vulnerability, an attacker would first need code execution on a victim system. An attacker could then run a specially crafted application.

    The security update addresses the vulnerability by ensuring the Windows Remote Access properly handles file operations.

  • Windows 8.1 update scans slow down for Flash updates?

    I can’t replicate the experience, but here’s an observation from JA:

    This doesn’t seem logical to me, and I’ve seen nothing about it on your website, but my experience over the past couple of months is this:  my Windows 8.1 update scans become very slow when the FLASH update is on the list of available patches, and go back to normal when I get it off the list by installing it.

    In May it was taking about a half hour for each update scan to finish, and then, after I installed the day’s Windows Defender definition, Windows Update would keep running for another half hour, using half of the CPU capacity. On May 30 (when you changed the DefCon level) I installed all the May security patches, including Flash, and speed went back to normal- but I had no way of knowing what patch made the difference.   But, in June, MS released the Flash update separately, two days after patch Tuesday.  My update scans continued to be fast and trouble-free right through patch Tuesday (I installed none at that time, except Windows Defender definitions), but on Thursday, coincident with the June Flash patch appearing on the list, it was back to a half hour for each scan. So, after a day or two of that,  I thought that if the scans slowed down with the  arrival of the Flash update, maybe if I got it off the update list the problem would go away-  so I went ahead and installed the Flash update. To my surprise it worked- update speed went back to normal.   I installed the rest of the June security patches on July 1, no problem. All was well until July patch Tuesday.   It took about 80 minutes for the July update list to appear, including the Flash update. Then, after a day or two of slow update scans, I installed the July Flash patch. (Nothing else, except Windows Defender definitions.)  Just like last month, the slow update scan problem went away.  For what it’s worth, that’s been my experience.

    I noticed  in the “installed updates” list that since February the Flash updates have no KB number in the title, as they did previously.  If you click on one the KB number appears, but otherwise it’s hidden. A search of “installed updates” for any of the recent Flash KB numbers brings up nothing, since the KB numbers aren’t there. I wonder if this change could have anything to do with messing up the update scans.

    Anybody out there see something like that?

  • What we know about the next versions of Windows

    Precious little.

    InfoWorld Tech Watch.