{"id":15670,"date":"2020-09-11T13:03:38","date_gmt":"2020-09-11T11:03:38","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=15670"},"modified":"2020-09-11T13:03:38","modified_gmt":"2020-09-11T11:03:38","slug":"0patch-fixt-cve-2020-1530-in-windows-7-server-2008-r2","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/09\/11\/0patch-fixt-cve-2020-1530-in-windows-7-server-2008-r2\/","title":{"rendered":"0patch fixes CVE-2020-1530 in Windows 7\/Server 2008 R2"},"content":{"rendered":"

\"win7\" [German<\/a>]ACROS Security has released a micropatch for the vulnerability CVE-2020-1530 (Use-after-free bug in Windows Remote Access Phonebook) for Windows 7 and Server 2008 R2 (without ESU license).<\/p>\n

<\/p>\n

The vulnerability CVE-2020-1530 <\/h2>\n

\"\"CVE-2020-1530<\/a> was issued for a remote access elevation of privilege vulnerability in Windows. Microsoft does not provide details, but only writes that an elevated privilege escalation exists if Windows Remote Access handles memory improperly. According to Microsoft, to exploit this vulnerability, an attacker would first have to obtain execution on the victim's system (but can do so remotely). An attacker could then execute a specially crafted application to elevate privileges.<\/p>\n

However, ACROS Security states that it is a use-after-free vulnerability in Windows Phonebook that allows attacks via Windows Remote Access. Microsoft released security updates for Windows 7 to Windows 10 on August 11, 2020. However, users of Windows 7 SP1 and Windows Server 2008 R2 who do not have an ESU license will no longer receive the security updates released by Microsoft. <\/p>\n

0patch-Fix for Windows 7 SP1\/Server 2008 R2<\/h2>\n

ACROS Security has developed a micropatch for the vulnerability CVE-2020-1530. I got aware of the information about the release of the micropatch for Windows 7 SP1 and Windows Server 2008 R2 via Twitter<\/a>.  <\/p>\n

\"0patch-Fix<\/a>
(0patch Fix for CVE-2020-1530 ) <\/p>\n

This micropatch is now available for 0patch users with PRO license and is already applied to all online computers with 0patch Agent (except in non-standard enterprise configurations). As always, there is no need to restart the computer and users' work is not interrupted. <\/p>\n

For information on how the 0patch Agent works, which loads the micro-patches into memory at runtime of an application, please refer to the blog posts (e.g. here<\/a>) I have linked below.  <\/p>\n

Similar articles:
<\/strong>Windows 7: Forcing February 2020 Security Updates<\/a> \u2013 Part 1
Windows 7: Securing with the 0patch solution<\/a> \u2013 Part 2
Windows 7\/Server 2008\/R2: 0patch delivers security patches after support ends<\/a>
Project: Windows 7\/Server 2008\/R2 Life Extension & 0patch one month trial<\/a>
0patch: Fix for Internet Explorer 0-day vulnerability CVE-2020-0674<\/a>
0patch: Fix for Windows Installer flaw CVE-2020-0683<\/a>
0patch fix for Windows GDI+ vulnerability CVE-2020-0881<\/a>
0-day vulnerability in Windows Adobe Type Library<\/a>
0patch fixes CVE-2020-0687 in Windows 7\/Server 2008 R2<\/a>
0patch fixes CVE-2020-1048 in Windows 7\/Server 2008 R2<\/a>
0patch fixes CVE-2020-1015 in Windows 7\/Server 2008 R2<\/a>
0patch for 0-day RCE vulnerability in Zoom for Windows<\/a>
Windows Server 2008 R2: 0patch fixes SIGRed vulnerability<\/a>
0patch fixes CVE-2020-1113 in Windows 7\/Server 2008 R2<\/a>
0patch fixes CVE-2020-1337 in Windows 7\/Server 2008 R2<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

[German]ACROS Security has released a micropatch for the vulnerability CVE-2020-1530 (Use-after-free bug in Windows Remote Access Phonebook) for Windows 7 and Server 2008 R2 (without ESU license).<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580,2],"tags":[991,1079,17],"class_list":["post-15670","post","type-post","status-publish","format-standard","hentry","category-security","category-windows","tag-0patch","tag-sicherheit","tag-windows-7"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15670","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=15670"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15670\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=15670"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=15670"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=15670"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}