Microsoft December 2019 Patch Tuesday
This month we got patches for 36 vulnerabilities total. From those, seven are rated critical and one is already being exploited according to Microsoft.
The exploited vulnerability (CVE-2019-1458) may allow a local attacker to elevate privileges and run arbitrary code in kernel mode. This vulnerability was reported by Kaspersky Labs and, according to Zero Day Initiative (ZDI) [1], Kaspersky also reported a UAF vulnerability in Google Chrome web browser [2] early November this year. When Chrome bug became public, there were speculations that it was being used in conjunction with a Windows Kernel bug to escape the sandbox. According to ZDI, while its not confirmed CVE-2019-1458 is connected to Chrome attacks, this is the type of bug that could be used to perform a sandbox escape.
Amongst critical vulnerabilities, it worth mentioning CVE-2019-1471 a Windows Hyper-V Remote Code Execution Vulnerability. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.
See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com
December 2019 Security Updates
December 2019 Security Updates
| Description | |||||||
|---|---|---|---|---|---|---|---|
| CVE | Disclosed | Exploited | Exploitability (old versions) | current version | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
| Git for Visual Studio Remote Code Execution Vulnerability | |||||||
| CVE-2019-1349 | N | N | - | - | Critical | ||
| CVE-2019-1350 | N | N | - | - | Critical | ||
| CVE-2019-1352 | N | N | - | - | Critical | ||
| CVE-2019-1354 | N | N | - | - | Critical | ||
| CVE-2019-1387 | N | N | - | - | Critical | ||
| Git for Visual Studio Tampering Vulnerability | |||||||
| CVE-2019-1351 | N | N | - | - | Moderate | ||
| Latest Servicing Stack Updates | |||||||
| ADV990001 | N | N | - | - | Critical | ||
| Microsoft Access Information Disclosure Vulnerability | |||||||
| CVE-2019-1400 | N | N | - | - | Important | ||
| CVE-2019-1463 | N | N | - | - | Important | ||
| Microsoft Authentication Library for Android Information Disclosure Vulnerability | |||||||
| CVE-2019-1487 | N | N | - | - | Important | ||
| Microsoft Defender Security Feature Bypass Vulnerability | |||||||
| CVE-2019-1488 | N | N | - | - | Important | 3.3 | 3.0 |
| Microsoft Excel Information Disclosure Vulnerability | |||||||
| CVE-2019-1464 | N | N | - | - | Important | ||
| Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business | |||||||
| ADV190026 | N | N | - | - | - | ||
| Microsoft PowerPoint Remote Code Execution Vulnerability | |||||||
| CVE-2019-1462 | N | N | - | - | Important | ||
| Microsoft SQL Server Reporting Services XSS Vulnerability | |||||||
| CVE-2019-1332 | N | N | - | - | Important | ||
| Microsoft Word Denial of Service Vulnerability | |||||||
| CVE-2019-1461 | N | N | Less Likely | Less Likely | Important | ||
| Remote Desktop Protocol Information Disclosure Vulnerability | |||||||
| CVE-2019-1489 | N | N | - | - | Important | ||
| Skype for Business Server Spoofing Vulnerability | |||||||
| CVE-2019-1490 | N | N | - | - | Important | ||
| VBScript Remote Code Execution Vulnerability | |||||||
| CVE-2019-1485 | N | N | - | - | Important | 7.5 | 6.7 |
| Visual Studio Live Share Spoofing Vulnerability | |||||||
| CVE-2019-1486 | N | N | - | - | Important | ||
| Win32k Elevation of Privilege Vulnerability | |||||||
| CVE-2019-1458 | Y | Y | - | - | Important | 7.8 | 7.2 |
| Win32k Graphics Remote Code Execution Vulnerability | |||||||
| CVE-2019-1468 | N | N | - | - | Critical | 8.4 | 7.6 |
| Win32k Information Disclosure Vulnerability | |||||||
| CVE-2019-1469 | N | N | - | - | Important | 5.5 | 5.0 |
| Windows COM Server Elevation of Privilege Vulnerability | |||||||
| CVE-2019-1478 | N | N | - | - | Important | 7.8 | 7.0 |
| Windows Elevation of Privilege Vulnerability | |||||||
| CVE-2019-1476 | N | N | - | - | Important | 7.8 | 7.0 |
| CVE-2019-1483 | N | N | - | - | Important | 7.8 | 7.0 |
| Windows GDI Information Disclosure Vulnerability | |||||||
| CVE-2019-1465 | N | N | - | - | Important | 5.5 | 5.0 |
| CVE-2019-1466 | N | N | - | - | Important | 5.5 | 5.0 |
| CVE-2019-1467 | N | N | - | - | Important | 5.5 | 5.0 |
| Windows Hyper-V Information Disclosure Vulnerability | |||||||
| CVE-2019-1470 | N | N | - | - | Important | 6.0 | 5.4 |
| Windows Hyper-V Remote Code Execution Vulnerability | |||||||
| CVE-2019-1471 | N | N | - | - | Critical | 8.2 | 7.4 |
| Windows Kernel Information Disclosure Vulnerability | |||||||
| CVE-2019-1472 | N | N | - | - | Important | 5.5 | 5.0 |
| CVE-2019-1474 | N | N | - | - | Important | 5.5 | 5.0 |
| Windows Media Player Information Disclosure Vulnerability | |||||||
| CVE-2019-1480 | N | N | - | - | Important | 5.5 | 5.0 |
| CVE-2019-1481 | N | N | - | - | Important | 5.5 | 5.0 |
| Windows OLE Remote Code Execution Vulnerability | |||||||
| CVE-2019-1484 | N | N | - | - | Important | 7.8 | 7.0 |
| Windows Printer Service Elevation of Privilege Vulnerability | |||||||
| CVE-2019-1477 | N | N | - | - | Important | 7.8 | 7.0 |
| Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | |||||||
| CVE-2019-1453 | N | N | Less Likely | Less Likely | Important | 7.5 | 6.7 |
[1] https://www.zerodayinitiative.com/blog/2019/12/10/the-december-2019-security-update-review
[2] https://www.kaspersky.com/blog/google-chrome-zeroday-wizardopium/29126/
--
Renato Marinho
Morphus Labs| LinkedIn|Twitter
Comments
Anonymous
Dec 10th 2019
4 years ago