Microsoft December 2019 Patch Tuesday
This month we got patches for 36 vulnerabilities in total. Of those, seven are rated critical and one is already being exploited, according to Microsoft.
The exploited vulnerability (CVE-2019-1458) may allow a local attacker to elevate privileges and run arbitrary code in kernel mode. This vulnerability was reported by Kaspersky Labs and, according to Zero Day Initiative (ZDI) [1], Kaspersky also reported a UAF vulnerability in the Google Chrome web browser [2] in early November this year. When the Chrome bug became public, there was speculation that it was being used in conjunction with a Windows kernel bug to escape the sandbox. According to ZDI, while it's not confirmed that CVE-2019-1458 is connected to the Chrome attacks, this is the type of bug that could be used to perform a sandbox escape.
Amongst the critical vulnerabilities, it is worth mentioning CVE-2019-1471, a Windows Hyper-V Remote Code Execution Vulnerability. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.
See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com
December 2019 Security Updates
Description / CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
---|---|---|---|---|---|---|---|
Git for Visual Studio Remote Code Execution Vulnerability | |||||||
CVE-2019-1349 | N | N | - | - | Critical | ||
CVE-2019-1350 | N | N | - | - | Critical | ||
CVE-2019-1352 | N | N | - | - | Critical | ||
CVE-2019-1354 | N | N | - | - | Critical | ||
CVE-2019-1387 | N | N | - | - | Critical | ||
Git for Visual Studio Tampering Vulnerability | |||||||
CVE-2019-1351 | N | N | - | - | Moderate | ||
Latest Servicing Stack Updates | |||||||
ADV990001 | N | N | - | - | Critical | ||
Microsoft Access Information Disclosure Vulnerability | |||||||
CVE-2019-1400 | N | N | - | - | Important | ||
CVE-2019-1463 | N | N | - | - | Important | ||
Microsoft Authentication Library for Android Information Disclosure Vulnerability | |||||||
CVE-2019-1487 | N | N | - | - | Important | ||
Microsoft Defender Security Feature Bypass Vulnerability | |||||||
CVE-2019-1488 | N | N | - | - | Important | 3.3 | 3.0 |
Microsoft Excel Information Disclosure Vulnerability | |||||||
CVE-2019-1464 | N | N | - | - | Important | ||
Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business | |||||||
ADV190026 | N | N | - | - | - | ||
Microsoft PowerPoint Remote Code Execution Vulnerability | |||||||
CVE-2019-1462 | N | N | - | - | Important | ||
Microsoft SQL Server Reporting Services XSS Vulnerability | |||||||
CVE-2019-1332 | N | N | - | - | Important | ||
Microsoft Word Denial of Service Vulnerability | |||||||
CVE-2019-1461 | N | N | Less Likely | Less Likely | Important | ||
Remote Desktop Protocol Information Disclosure Vulnerability | |||||||
CVE-2019-1489 | N | N | - | - | Important | ||
Skype for Business Server Spoofing Vulnerability | |||||||
CVE-2019-1490 | N | N | - | - | Important | ||
VBScript Remote Code Execution Vulnerability | |||||||
CVE-2019-1485 | N | N | - | - | Important | 7.5 | 6.7 |
Visual Studio Live Share Spoofing Vulnerability | |||||||
CVE-2019-1486 | N | N | - | - | Important | ||
Win32k Elevation of Privilege Vulnerability | |||||||
CVE-2019-1458 | Y | Y | - | - | Important | 7.8 | 7.2 |
Win32k Graphics Remote Code Execution Vulnerability | |||||||
CVE-2019-1468 | N | N | - | - | Critical | 8.4 | 7.6 |
Win32k Information Disclosure Vulnerability | |||||||
CVE-2019-1469 | N | N | - | - | Important | 5.5 | 5.0 |
Windows COM Server Elevation of Privilege Vulnerability | |||||||
CVE-2019-1478 | N | N | - | - | Important | 7.8 | 7.0 |
Windows Elevation of Privilege Vulnerability | |||||||
CVE-2019-1476 | N | N | - | - | Important | 7.8 | 7.0 |
CVE-2019-1483 | N | N | - | - | Important | 7.8 | 7.0 |
Windows GDI Information Disclosure Vulnerability | |||||||
CVE-2019-1465 | N | N | - | - | Important | 5.5 | 5.0 |
CVE-2019-1466 | N | N | - | - | Important | 5.5 | 5.0 |
CVE-2019-1467 | N | N | - | - | Important | 5.5 | 5.0 |
Windows Hyper-V Information Disclosure Vulnerability | |||||||
CVE-2019-1470 | N | N | - | - | Important | 6.0 | 5.4 |
Windows Hyper-V Remote Code Execution Vulnerability | |||||||
CVE-2019-1471 | N | N | - | - | Critical | 8.2 | 7.4 |
Windows Kernel Information Disclosure Vulnerability | |||||||
CVE-2019-1472 | N | N | - | - | Important | 5.5 | 5.0 |
CVE-2019-1474 | N | N | - | - | Important | 5.5 | 5.0 |
Windows Media Player Information Disclosure Vulnerability | |||||||
CVE-2019-1480 | N | N | - | - | Important | 5.5 | 5.0 |
CVE-2019-1481 | N | N | - | - | Important | 5.5 | 5.0 |
Windows OLE Remote Code Execution Vulnerability | |||||||
CVE-2019-1484 | N | N | - | - | Important | 7.8 | 7.0 |
Windows Printer Service Elevation of Privilege Vulnerability | |||||||
CVE-2019-1477 | N | N | - | - | Important | 7.8 | 7.0 |
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | |||||||
CVE-2019-1453 | N | N | Less Likely | Less Likely | Important | 7.5 | 6.7 |
[1] https://www.zerodayinitiative.com/blog/2019/12/10/the-december-2019-security-update-review
[2] https://www.kaspersky.com/blog/google-chrome-zeroday-wizardopium/29126/
--
Renato Marinho
Morphus Labs