This month brings patches for 36 vulnerabilities in total. Of those, seven are rated critical and, according to Microsoft, one is already being exploited.

The exploited vulnerability (CVE-2019-1458) may allow a local attacker to elevate privileges and run arbitrary code in kernel mode. It was reported by Kaspersky Labs and, according to the Zero Day Initiative (ZDI) [1], Kaspersky also reported a use-after-free (UAF) vulnerability in the Google Chrome web browser [2] in early November this year. When the Chrome bug became public, there was speculation that it was being used in conjunction with a Windows kernel bug to escape the browser sandbox. According to ZDI, while it is not confirmed that CVE-2019-1458 is connected to the Chrome attacks, this is the type of bug that could be used to perform such a sandbox escape.

Amongst the critical vulnerabilities, it is worth mentioning CVE-2019-1471, a Windows Hyper-V Remote Code Execution Vulnerability. To exploit it, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

December 2019 Security Updates

Each description line below is followed by its CVE or advisory rows, with the columns: CVE, Disclosed (Y/N), Exploited (Y/N), Exploitability (old versions), Exploitability (current version), Severity, CVSS Base (AVG), CVSS Temporal (AVG). A "-" means no rating was given; CVSS scores are blank where Microsoft published none.
Git for Visual Studio Remote Code Execution Vulnerability
%%cve:2019-1349%% N N - - Critical    
%%cve:2019-1350%% N N - - Critical    
%%cve:2019-1352%% N N - - Critical    
%%cve:2019-1354%% N N - - Critical    
%%cve:2019-1387%% N N - - Critical    
Git for Visual Studio Tampering Vulnerability
%%cve:2019-1351%% N N - - Moderate    
Latest Servicing Stack Updates
ADV990001 N N - - Critical    
Microsoft Access Information Disclosure Vulnerability
%%cve:2019-1400%% N N - - Important    
%%cve:2019-1463%% N N - - Important    
Microsoft Authentication Library for Android Information Disclosure Vulnerability
%%cve:2019-1487%% N N - - Important    
Microsoft Defender Security Feature Bypass Vulnerability
%%cve:2019-1488%% N N - - Important 3.3 3.0
Microsoft Excel Information Disclosure Vulnerability
%%cve:2019-1464%% N N - - Important    
Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business
ADV190026 N N - - -    
Microsoft PowerPoint Remote Code Execution Vulnerability
%%cve:2019-1462%% N N - - Important    
Microsoft SQL Server Reporting Services XSS Vulnerability
%%cve:2019-1332%% N N - - Important    
Microsoft Word Denial of Service Vulnerability
%%cve:2019-1461%% N N Less Likely Less Likely Important    
Remote Desktop Protocol Information Disclosure Vulnerability
%%cve:2019-1489%% N N - - Important    
Skype for Business Server Spoofing Vulnerability
%%cve:2019-1490%% N N - - Important    
VBScript Remote Code Execution Vulnerability
%%cve:2019-1485%% N N - - Important 7.5 6.7
Visual Studio Live Share Spoofing Vulnerability
%%cve:2019-1486%% N N - - Important    
Win32k Elevation of Privilege Vulnerability
%%cve:2019-1458%% Y Y - - Important 7.8 7.2
Win32k Graphics Remote Code Execution Vulnerability
%%cve:2019-1468%% N N - - Critical 8.4 7.6
Win32k Information Disclosure Vulnerability
%%cve:2019-1469%% N N - - Important 5.5 5.0
Windows COM Server Elevation of Privilege Vulnerability
%%cve:2019-1478%% N N - - Important 7.8 7.0
Windows Elevation of Privilege Vulnerability
%%cve:2019-1476%% N N - - Important 7.8 7.0
%%cve:2019-1483%% N N - - Important 7.8 7.0
Windows GDI Information Disclosure Vulnerability
%%cve:2019-1465%% N N - - Important 5.5 5.0
%%cve:2019-1466%% N N - - Important 5.5 5.0
%%cve:2019-1467%% N N - - Important 5.5 5.0
Windows Hyper-V Information Disclosure Vulnerability
%%cve:2019-1470%% N N - - Important 6.0 5.4
Windows Hyper-V Remote Code Execution Vulnerability
%%cve:2019-1471%% N N - - Critical 8.2 7.4
Windows Kernel Information Disclosure Vulnerability
%%cve:2019-1472%% N N - - Important 5.5 5.0
%%cve:2019-1474%% N N - - Important 5.5 5.0
Windows Media Player Information Disclosure Vulnerability
%%cve:2019-1480%% N N - - Important 5.5 5.0
%%cve:2019-1481%% N N - - Important 5.5 5.0
Windows OLE Remote Code Execution Vulnerability
%%cve:2019-1484%% N N - - Important 7.8 7.0
Windows Printer Service Elevation of Privilege Vulnerability
%%cve:2019-1477%% N N - - Important 7.8 7.0
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
%%cve:2019-1453%% N N Less Likely Less Likely Important 7.5 6.7
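
As an added example (not code from this diary), a small Python parser for the flattened table layout above that ranks entries the way a patch-deployment triage would: exploited first, then Critical, then by CVSS base score. The sample rows are copied from the table; the ranking policy itself is an assumption of this example.

```python
import re
from typing import Any, Dict, List, Optional

# Constructed sample in the diary's flattened table layout (values copied
# from the table above): a description line, then its CVE row(s).
SAMPLE = """\
Git for Visual Studio Remote Code Execution Vulnerability
%%cve:2019-1349%% N N - - Critical
Win32k Elevation of Privilege Vulnerability
%%cve:2019-1458%% Y Y - - Important 7.8 7.2
Win32k Graphics Remote Code Execution Vulnerability
%%cve:2019-1468%% N N - - Critical 8.4 7.6
Windows Hyper-V Remote Code Execution Vulnerability
%%cve:2019-1471%% N N - - Critical 8.2 7.4
Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
%%cve:2019-1453%% N N Less Likely Less Likely Important 7.5 6.7
"""

# CVE row: %%cve:YYYY-NNNN%%, Disclosed (Y/N), Exploited (Y/N), then the two
# exploitability ratings, the severity and optional CVSS base/temporal scores.
ROW = re.compile(r"^%%cve:(\d{4}-\d+)%%\s+([YN])\s+([YN])\s+(.*)$")

def parse_table(text: str) -> List[Dict[str, Any]]:
    entries, description = [], ""
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        m = ROW.match(line)
        if not m:
            description = line  # a non-CVE line names the rows that follow
            continue
        cve, disclosed, exploited, rest = m.groups()
        tokens = rest.split()
        base: Optional[float] = None
        # CVSS scores are the last two tokens when present; the table leaves
        # them blank for many entries, so check before stripping them.
        if len(tokens) >= 3 and tokens[-1].replace(".", "", 1).isdigit():
            base = float(tokens[-2])
            tokens = tokens[:-2]
        entries.append({"cve": cve, "description": description,
                        "disclosed": disclosed == "Y", "exploited": exploited == "Y",
                        "severity": tokens[-1], "cvss_base": base})
    return entries

def prioritize(entries: List[Dict[str, Any]]) -> List[str]:
    """Deployment order: exploited first, then Critical, then highest CVSS base."""
    ranked = sorted(entries, key=lambda e: (not e["exploited"],
                                            e["severity"] != "Critical",
                                            -(e["cvss_base"] or 0.0)))
    return [e["cve"] for e in ranked]
```

Run over the full table, the same logic reproduces the diary's counts (36 entries, 7 Critical, 1 exploited) and puts CVE-2019-1458 at the top of the list.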

[1] https://www.zerodayinitiative.com/blog/2019/12/10/the-december-2019-security-update-review

[2] https://www.kaspersky.com/blog/google-chrome-zeroday-wizardopium/29126/

--
Renato Marinho
Morphus Labs | LinkedIn | Twitter

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.