Microsoft’s December 2019 Patch Tuesday fixes Windows zero-day – Mash Viral (via WindowsKernel.com)

Microsoft today released its December 2019 Patch Tuesday security updates. This month’s updates include fixes for 36 vulnerabilities, including a zero-day in the Windows operating system that has been exploited in the wild.

“There is a privilege elevation vulnerability in Windows when the Win32k component cannot correctly handle objects in memory,” Microsoft said in a security advisory today.


“An attacker who successfully exploited this vulnerability could execute arbitrary code in kernel mode,” the company added. “An attacker could install programs; view, change or delete data; or create new accounts with full user rights.”

Microsoft credited Kaspersky Lab security researchers with discovering the zero-day, which it tracks as CVE-2019-1458.

Dustin Childs, a member of Trend Micro’s Zero Day Initiative (ZDI), believes that this Windows zero-day is connected to a zero-day that Google patched in Chrome at the end of October (specifically CVE-2019-13720).

“(Kaspersky) reported a UAF on Chrome that was under active exploitation,” Childs said. “When that error (from Chrome) was made public, it was speculated that it was pairing with a Windows kernel error to escape the limited environment.

“While it is not confirmed that this patch is connected to those Chrome attacks, this is the type of error that would be used to perform a sandbox escape,” he added.

According to Kaspersky, the Chrome zero-day was being used by a group of hackers called WizardOpium to lure users to malicious sites, where they would use the Chrome zero-day to infect them with malware.

As is Kaspersky's tradition, the company will probably publish a blog post tomorrow explaining how this new Windows zero-day was being used. We will update our coverage accordingly once the Kaspersky blog post is published.

Other fixes

In total, Microsoft fixed 36 security bugs this month, of which only seven were rated as critical. This is Microsoft’s smallest Patch Tuesday update this year, and one of the lightest in the last three years.

Other important bugs patched this month that present a serious risk of being used in malware campaigns or targeted attacks are CVE-2019-1468 (a remote code execution bug in the Win32k component) and CVE-2019-1471 (a remote code execution bug in the Windows Hyper-V Virtualization Toolkit).

In addition to Windows, other products that received fixes include SQL Server, Visual Studio, Skype for Business, Microsoft Office and Microsoft Office Services and Web Apps.

Additional useful Patch Tuesday information is below:

  • The official Microsoft Security Update Guide portal lists all security updates in a filterable table.
  • ZDNet also created this page that lists all security updates on a single page, in one place.
  • Additional analysis of today's Patch Tuesday is also available from Cisco Talos and Trend Micro.
  • Adobe security updates this month are detailed here.
  • SAP security updates are detailed here.
  • Intel security updates are available here.
  • The Android security bulletin for December 2019 is detailed here. The patches began rolling out to users’ phones last week.
  • A new version of Google Chrome was also released today.
  • Apple has also released security updates for iOS and iPadOS 13.3 today.

Tag | CVE ID | CVE Title
Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates
(none listed) | ADV190026 | Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business
End of Life Software | CVE-2019-1489 | Remote Desktop Protocol Information Disclosure Vulnerability
Microsoft Graphics Component | CVE-2019-1465 | Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component | CVE-2019-1468 | Win32k Graphics Remote Code Execution Vulnerability
Microsoft Graphics Component | CVE-2019-1466 | Windows GDI Information Disclosure Vulnerability
Microsoft Graphics Component | CVE-2019-1467 | Windows GDI Information Disclosure Vulnerability
Microsoft Office | CVE-2019-1400 | Microsoft Access Information Disclosure Vulnerability
Microsoft Office | CVE-2019-1464 | Microsoft Excel Information Disclosure Vulnerability
Microsoft Office | CVE-2019-1461 | Microsoft Word Denial of Service Vulnerability
Microsoft Office | CVE-2019-1462 | Microsoft Remote Code Execution Vulnerability
Microsoft Office | CVE-2019-1463 | Microsoft Access Information Disclosure Vulnerability
(none listed) | CVE-2019-1485 | VBScript Remote Code Execution Vulnerability
Microsoft Windows | CVE-2019-1453 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
Microsoft Windows | CVE-2019-1476 | Windows Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2019-1477 | Windows Printer Service Elevation of Privilege Vulnerability
(none listed) | CVE-2019-1474 | Windows Kernel Information Disclosure Vulnerability
Microsoft Windows | CVE-2019-1478 | Windows COM Server Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2019-1483 | Windows Elevation of Privilege Vulnerability
Microsoft Windows | CVE-2019-1488 | Microsoft Defender Security Feature Bypass Vulnerability
Open Source Software | CVE-2019-1487 | Microsoft Authentication Library for Android Information Disclosure Vulnerability
Skype for Business | CVE-2019-1490 | Skype for Business Server Spoofing Vulnerability
SQL Server | CVE-2019-1332 | Microsoft SQL Server Reporting Services XSS Vulnerability
Visual Studio | CVE-2019-1350 | Git for Visual Studio Remote Code Execution Vulnerability
Visual Studio | CVE-2019-1349 | Git for Visual Studio Remote Code Execution Vulnerability
Visual Studio | CVE-2019-1486 | Visual Studio Live Share Spoofing Vulnerability
Visual Studio | CVE-2019-1387 | Git for Visual Studio Remote Code Execution Vulnerability
Visual Studio | CVE-2019-1354 | Git for Visual Studio Remote Code Execution Vulnerability
Visual Studio | CVE-2019-1351 | Git for Visual Studio Tampering Vulnerability
Visual Studio | CVE-2019-1352 | Git for Visual Studio Remote Code Execution Vulnerability
Windows Hyper-V | CVE-2019-1471 | Windows Hyper-V Remote Code Execution Vulnerability
Windows Hyper-V | CVE-2019-1470 | Windows Hyper-V Information Disclosure Vulnerability
Windows Kernel | CVE-2019-1472 | Windows Kernel Information Disclosure Vulnerability
Windows Kernel | CVE-2019-1458 | Win32k Elevation of Privilege Vulnerability
Windows Kernel | CVE-2019-1469 | Win32k Information Disclosure Vulnerability
Windows Media Player | CVE-2019-1480 | Windows Media Player Information Disclosure Vulnerability
Windows Media Player | CVE-2019-1481 | Windows Media Player Information Disclosure Vulnerability
Windows OLE | CVE-2019-1484 | Windows OLE Remote Code Execution Vulnerability


This is a syndicated post. Read the original post at Source link.