The Information Highway

The Information Highway

Font size: +
4 minutes reading time (842 words)

Microsoft's December 2019 Patch Tuesday Fixes Win32k Zero-day, 36 Flaws

Patch Tuesday

Today is Microsoft's December 2019 Patch Tuesday, which means it is your job to be nice to Windows administrators everywhere and not to take it personal if they are a bit grouchy today.

With the release of the December 2019 security updates, Microsoft has released 2 advisories and updates for 36 vulnerabilities. Of these vulnerabilities, 7 are classified as Critical, 27 as Important, 1 as Moderate, and one as Low.

One of the 'Important' vulnerabilities fixed today is a zero-day privilege elevation vulnerability that was discovered being actively exploited in the wild.

All users should install these security updates as soon as possible in order to protect Windows from known security risks.

For information about the non-security Windows updates, you can read about today's Windows 10 December 2019 Cumulative Updates.

Zero-day privilege elevation vulnerability in Win32k fixed

The December 2019 Patch Tuesday fixes an zero-day privilege elevation vulnerability in the Win32k component that Kaspersky Lab researchers Anton Ivanov and Alexey Kulaev discovered being actively exploited.

This vulnerability is titled "CVE-2019-1458 | Win32k Elevation of Privilege Vulnerability" and could allow an attacker to execute commands in kernel mode, which means that it has full access to the operating system.

An elevation of privilege vulnerability exists in Windows when the Win32k component fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

The update addresses this vulnerability by correcting how Win32k handles objects in memory.

This Windows vulnerability was chained together with a Chrome zero-day as part of an attack called Operation WizardOpium that Kaspersky detected last month.

Two advisories released

In addition to the security updates, Microsoft also released two advisories today. Once is a servicing stack update and the other is guidance on how to remove orphaned Windows Hello for Business (WHfB) public keys that were created by vulnerable TPM devices.

  • ADV190026 - Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business

  • ADV990001 - Latest Servicing Stack Updates

The December 2019 Patch Tuesday Security Updates

Below is the full list of resolved vulnerabilities and released advisories in the December 2019 Patch Tuesday updates.  To access the full description of each vulnerability and the systems that it affects.

Tag CVE ID CVE Title Severity
  ADV190026 Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business Unknown
End of Life Software CVE-2019-1489 Remote Desktop Protocol Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1465 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1468 Win32k Graphics Remote Code Execution Vulnerability Critical
Microsoft Graphics Component CVE-2019-1466 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1467 Windows GDI Information Disclosure Vulnerability Important
Microsoft Office CVE-2019-1400 Microsoft Access Information Disclosure Vulnerability Important
Microsoft Office CVE-2019-1464 Microsoft Excel Information Disclosure Vulnerability Important
Microsoft Office CVE-2019-1461 Microsoft Word Denial of Service Vulnerability Important
Microsoft Office CVE-2019-1462 Microsoft PowerPoint Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-1463 Microsoft Access Information Disclosure Vulnerability Important
Microsoft Scripting Engine CVE-2019-1485 VBScript Remote Code Execution Vulnerability Low
Microsoft Windows CVE-2019-1453 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability Important
Microsoft Windows CVE-2019-1476 Windows Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2019-1477 Windows Printer Service Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2019-1474 Windows Kernel Information Disclosure Vulnerability Important
Microsoft Windows CVE-2019-1478 Windows COM Server Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2019-1483 Windows Elevation of Privilege Vulnerability Important
Microsoft Windows CVE-2019-1488 Microsoft Defender Security Feature Bypass Vulnerability Important
Open Source Software CVE-2019-1487 Microsoft Authentication Library for Android Information Disclosure Vulnerability Important
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical
Skype for Business CVE-2019-1490 Skype for Business Server Spoofing Vulnerability Important
SQL Server CVE-2019-1332 Microsoft SQL Server Reporting Services XSS Vulnerability Important
Visual Studio CVE-2019-1350 Git for Visual Studio Remote Code Execution Vulnerability Critical
Visual Studio CVE-2019-1349 Git for Visual Studio Remote Code Execution Vulnerability Critical
Visual Studio CVE-2019-1486 Visual Studio Live Share Spoofing Vulnerability Important
Visual Studio CVE-2019-1387 Git for Visual Studio Remote Code Execution Vulnerability Critical
Visual Studio CVE-2019-1354 Git for Visual Studio Remote Code Execution Vulnerability Critical
Visual Studio CVE-2019-1351 Git for Visual Studio Tampering Vulnerability Moderate
Visual Studio CVE-2019-1352 Git for Visual Studio Remote Code Execution Vulnerability Critical
Windows Hyper-V CVE-2019-1471 Windows Hyper-V Remote Code Execution Vulnerability Critical
Windows Hyper-V CVE-2019-1470 Windows Hyper-V Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-1472 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-1458 Win32k Elevation of Privilege Vulnerability Important
Windows Kernel CVE-2019-1469 Win32k Information Disclosure Vulnerability Important
Windows Media Player CVE-2019-1480 Windows Media Player Information Disclosure Vulnerability Important
Windows Media Player CVE-2019-1481 Windows Media Player Information Disclosure Vulnerability Important
Windows OLE CVE-2019-1484 Windows OLE Remote Code Execution Vulnerability Important
DISH slapped with multiple lawsuits after ransomwa...
 

Comments

No comments made yet. Be the first to submit a comment
Friday, 27 December 2024

Captcha Image

Top Breaches Of 2023

Customers Affected In T-Mobile Breach
Accounts Affected In MOVEit Breach
Customers Affected In MCNA Insurance Data Breach
Individuals Affected In PharMerica Data Breach
Users Affected In ChatGPT Major Data Breach
*Founder Shield End of Year 2023