December 2019 Patch Tuesday – 36 Vulns, 7 Critical, Actively Attacked Win32k vuln, Adobe vulns
Last updated on: October 27, 2022
This month’s Patch Tuesday is rather light and addresses 36 vulnerabilities, with only 7 labeled as Critical. Five of the seven Critical vulns are in Git for Visual Studio. The others are for Hyper-V and Win32k. Also, there is one actively attacked “Important” vuln in Win32k. Adobe released patches today covering Acrobat/Reader, ColdFusion, Photoshop, and Brackets.
Win32k patches (CVE-2019-1468 and CVE-2019-1458) should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users.
Though listed as Important, Microsoft has disclosed that CVE-2019-1458 is actively attacked in the wild.
Hyper-V Hypervisor Escapes
A remote code execution vulnerability (CVE-2019-1471) is patched in Hyper-V that would allow an authenticated user on a guest system to run arbitrary code on the host system. Microsoft notes that exploitation of this vulnerability is less likely, but these patches should still be prioritized for all Hyper-V systems.
Git for Visual Studio
Microsoft patched 5 vulnerabilities (CVE-2019-1354, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387, and CVE-2019-1349) in Git for Visual Studio. Exploitation requires that a user clones a malicious repo. Based on the details provided, the vulnerabilities appear to all be Command Injection. These patches should be prioritized for any Visual Studio installations that use Git.
Adobe’s Patch Tuesday covers Acrobat/Reader, ColdFusion, Photoshop, and Brackets. The patches for Acrobat/Reader (21 vulns) and ColdFusion (1 vuln) are listed as Priority 2, while the patches for Photoshop (2 vulns) and Brackets (1 vuln) are labeled Priority 3. The Acrobat/Reader patches should be prioritized for Workstations with this software installed, and the ColdFusion patches should be prioritized on ColdFusion servers.