SANS ISC: Microsoft December 2019 Patch Tuesday SANS ISC InfoSec Forums

Microsoft December 2019 Patch Tuesday

This month we got patches for 36 vulnerabilities in total. Of those, seven are rated critical and one is already being exploited, according to Microsoft.

The exploited vulnerability (CVE-2019-1458) may allow a local attacker to elevate privileges and run arbitrary code in kernel mode. This vulnerability was reported by Kaspersky Labs and, according to the Zero Day Initiative (ZDI) [1], Kaspersky also reported a use-after-free (UAF) vulnerability in the Google Chrome web browser [2] in early November this year. When the Chrome bug became public, there was speculation that it was being used in conjunction with a Windows kernel bug to escape the sandbox. According to ZDI, while it's not confirmed that CVE-2019-1458 is connected to the Chrome attacks, this is the type of bug that could be used to perform a sandbox escape.

Amongst the critical vulnerabilities, it is worth mentioning CVE-2019-1471, a Windows Hyper-V Remote Code Execution Vulnerability. To exploit the vulnerability, an attacker could run a specially crafted application on a guest operating system that could cause the Hyper-V host operating system to execute arbitrary code.

See Renato's dashboard for a more detailed breakout: https://patchtuesdaydashboard.com

December 2019 Security Updates

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| Git for Visual Studio Remote Code Execution Vulnerability | CVE-2019-1349 | N | N | - | - | Critical | | |
| Git for Visual Studio Remote Code Execution Vulnerability | CVE-2019-1350 | N | N | - | - | Critical | | |
| Git for Visual Studio Remote Code Execution Vulnerability | CVE-2019-1352 | N | N | - | - | Critical | | |
| Git for Visual Studio Remote Code Execution Vulnerability | CVE-2019-1354 | N | N | - | - | Critical | | |
| Git for Visual Studio Remote Code Execution Vulnerability | CVE-2019-1387 | N | N | - | - | Critical | | |
| Git for Visual Studio Tampering Vulnerability | CVE-2019-1351 | N | N | - | - | Moderate | | |
| Latest Servicing Stack Updates | ADV990001 | N | N | - | - | Critical | | |
| Microsoft Access Information Disclosure Vulnerability | CVE-2019-1400 | N | N | - | - | Important | | |
| Microsoft Access Information Disclosure Vulnerability | CVE-2019-1463 | N | N | - | - | Important | | |
| Microsoft Authentication Library for Android Information Disclosure Vulnerability | CVE-2019-1487 | N | N | - | - | Important | | |
| Microsoft Defender Security Feature Bypass Vulnerability | CVE-2019-1488 | N | N | - | - | Important | 3.3 | 3.0 |
| Microsoft Excel Information Disclosure Vulnerability | CVE-2019-1464 | N | N | - | - | Important | | |
| Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business | ADV190026 | N | N | - | - | - | | |
| Microsoft PowerPoint Remote Code Execution Vulnerability | CVE-2019-1462 | N | N | - | - | Important | | |
| Microsoft SQL Server Reporting Services XSS Vulnerability | CVE-2019-1332 | N | N | - | - | Important | | |
| Microsoft Word Denial of Service Vulnerability | CVE-2019-1461 | N | N | Less Likely | Less Likely | Important | | |
| Remote Desktop Protocol Information Disclosure Vulnerability | CVE-2019-1489 | N | N | - | - | Important | | |
| Skype for Business Server Spoofing Vulnerability | CVE-2019-1490 | N | N | - | - | Important | | |
| VBScript Remote Code Execution Vulnerability | CVE-2019-1485 | N | N | - | - | Important | 7.5 | 6.7 |
| Visual Studio Live Share Spoofing Vulnerability | CVE-2019-1486 | N | N | - | - | Important | | |
| Win32k Elevation of Privilege Vulnerability | CVE-2019-1458 | Y | Y | - | - | Important | 7.8 | 7.2 |
| Win32k Graphics Remote Code Execution Vulnerability | CVE-2019-1468 | N | N | - | - | Critical | 8.4 | 7.6 |
| Win32k Information Disclosure Vulnerability | CVE-2019-1469 | N | N | - | - | Important | 5.5 | 5.0 |
| Windows COM Server Elevation of Privilege Vulnerability | CVE-2019-1478 | N | N | - | - | Important | 7.8 | 7.0 |
| Windows Elevation of Privilege Vulnerability | CVE-2019-1476 | N | N | - | - | Important | 7.8 | 7.0 |
| Windows Elevation of Privilege Vulnerability | CVE-2019-1483 | N | N | - | - | Important | 7.8 | 7.0 |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-1465 | N | N | - | - | Important | 5.5 | 5.0 |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-1466 | N | N | - | - | Important | 5.5 | 5.0 |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-1467 | N | N | - | - | Important | 5.5 | 5.0 |
| Windows Hyper-V Information Disclosure Vulnerability | CVE-2019-1470 | N | N | - | - | Important | 6.0 | 5.4 |
| Windows Hyper-V Remote Code Execution Vulnerability | CVE-2019-1471 | N | N | - | - | Critical | 8.2 | 7.4 |
| Windows Kernel Information Disclosure Vulnerability | CVE-2019-1472 | N | N | - | - | Important | 5.5 | 5.0 |
| Windows Kernel Information Disclosure Vulnerability | CVE-2019-1474 | N | N | - | - | Important | 5.5 | 5.0 |
| Windows Media Player Information Disclosure Vulnerability | CVE-2019-1480 | N | N | - | - | Important | 5.5 | 5.0 |
| Windows Media Player Information Disclosure Vulnerability | CVE-2019-1481 | N | N | - | - | Important | 5.5 | 5.0 |
| Windows OLE Remote Code Execution Vulnerability | CVE-2019-1484 | N | N | - | - | Important | 7.8 | 7.0 |
| Windows Printer Service Elevation of Privilege Vulnerability | CVE-2019-1477 | N | N | - | - | Important | 7.8 | 7.0 |
| Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | CVE-2019-1453 | N | N | Less Likely | Less Likely | Important | 7.5 | 6.7 |

 

[1] https://www.zerodayinitiative.com/blog/2019/12/10/the-december-2019-security-update-review

[2] https://www.kaspersky.com/blog/google-chrome-zeroday-wizardopium/29126/

--
Renato Marinho
Morphus Labs | LinkedIn | Twitter

ISC Handler
Dec 10th 2019
KB4532441 Cumulative update for Autopilot in Windows 10 1903 and 1909 always downloads and installs when I do a Windows Update check. So far it has downloaded and installed 5 times on one tablet and 2 on another.
Anonymous
