⚡ TL;DR: Go Straight to the December 2019 Patch Tuesday Audit Report.
Can you believe another year has passed and we've reached the last Patch Tuesday of the year? Microsoft fixed a total of 36 CVE-numbered flaws, seven of which are rated as critical. The December 2019 Patch Tuesday rollup also includes one actively exploited zero-day vulnerability.
Microsoft released updates to fix three dozen security holes in its Windows operating system and other software. The patches include fixes for Git for Visual Studio, the Hyper-V hypervisor, and the Win32k Graphics component of Windows, among others.
The Windows Hyper-V vulnerability (CVE-2019-1471) enables a guest virtual machine to compromise the hypervisor, escaping from the guest to the host or from one guest virtual machine to another.
Actively Exploited Win32k Zero-Day Vulnerability used in Operation WizardOpium
With its latest and last Patch Tuesday for 2019, Microsoft has fixed a new Windows zero-day vulnerability that attackers are actively exploiting in the wild, in combination with a Chrome exploit to take remote control over affected computers.
Tracked as CVE-2019-1458, the newly patched zero-day Win32k privilege escalation vulnerability was used in Operation WizardOpium attacks to gain higher privileges on targeted systems by escaping the Chrome sandbox. Google addressed the Chrome flaw used in these attacks in Chrome 78.0.3904.87 through an emergency update.
Windows 7 to Show Full-Screen Out-of-Support Alerts
We only have one Patch Tuesday left until Microsoft ends support for Windows 7 and Server 2008/2008 R2. After January 14, 2020, Microsoft will no longer provide free security updates and support for workstations running Windows 7. If you continue to use Windows 7 and opt out of purchasing Extended Security Updates, your computer will still work, but it will be more vulnerable to security risks.
When Windows 7 reaches EOL, the operating system will display a full-screen warning stating that Windows is more vulnerable to viruses and that you should upgrade to Windows 10.
In its Windows 7 KB4530734 Monthly Rollup, Microsoft has pushed out a new version of the EOSnotify.exe program, which will display an alert explaining why users should upgrade to Windows 10. Starting on January 15th, 2020, most Windows 7 users will receive the full-screen alert when they log in. So update to Windows 10 before Windows 7 reaches end of life.
Adobe Security Updates
Adobe released its December Security Update containing multiple vulnerability advisories covering Adobe ColdFusion, Brackets, Photoshop CC, Acrobat DC and Acrobat Reader. Since Adobe software is frequently used in corporate environments, it is important to keep these software packages up to date to prevent any security risks.
Adobe's Security Update includes four advisories:
- APSB19-58 - Security update available for Adobe ColdFusion
- APSB19-57 - Security update available for Brackets
- APSB19-56 - Security update available for Adobe Photoshop CC
- APSB19-55 - Security update available for Adobe Acrobat and Reader
If you are using any of these Adobe products in your network, we advise updating your computers with the latest versions as soon as possible.
Run the December 2019 Patch Tuesday Audit Report
Similar to previous months, we've created an Audit Report that checks if the assets in your network are on the latest Microsoft patch update. It's color-coded to give you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched. All admins are advised to install these security updates as soon as possible to protect Windows from security risks.
If you haven't already, start your free trial of Lansweeper to run the Microsoft Patch Tuesday Report.