Patch Tuesday Fixes Zero-Day Flaw, As Windows 7 Cut Off Looms

Microsoft has released the December edition of its Patch Tuesday security update, that fixes a zero-day flaw with the Windows operating system.

Redmond has resolved 36 vulnerabilities with its last patch update of 2019, one of which is confirmed to be exploited in the wild. Of the 36 vulnerabilities, 7 are rated as critical, 27 important, 1 moderate, and one is low in severity.

The latest security updates comes amid a looming deadline of the end of life for Windows 7 and Server 2008/2008 R2, as Microsoft will stop providing support for these platforms in January 2020. That said, Windows 7 is said to be down to 27 percent of desktop versions worldwide, so systems administrators face a busy month ahead if planning migrations.

Patch Tuesday

With only seven vulnerabilities being labelled as critical, security experts agree this month’s Patch Tuesday update is relatively light.

“Five of the seven Critical vulns are in Git for Visual Studio,” said Jimmy Graham, senior director of product management at Qualys. “The others are for Hyper-V and Win32k. Also, there is one actively attacked “Important” vuln in Win32k. Adobe released patches today covering Acrobat/Reader, ColdFusion, Photoshop, and Brackets.”

“Win32k patches (CVE-2019-1468 and CVE-2019-1458) should be prioritised for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users,” said Graham.

Though ranked as important, Microsoft warned CVE-2019-1458 is actively attacked in the wild.

There is a remote code execution vulnerability (CVE-2019-1471) that has been patched in Hyper-V that would allow an authenticated user on a guest system to run arbitrary code on the host system.

Microsoft also patched 5 vulnerabilities (CVE-2019-1354, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387, and CVE-2019-1349) in Git for Visual Studio.

Graham from Qualys also pointed out that Adobe’s Patch Tuesday covers Acrobat/Reader, ColdFusion, Photoshop, and Brackets that resolve 21 vulnerabilities in total.

Windows 7 support

Chris Goettl, director of security solutions at Ivanti meanwhile pointed out that Google has released an update for Chrome that resolves 51 vulnerabilities, and he highlighted the end of life issue for Windows 7 users.

“It is December Patch Tuesday! There are 14 shopping/patching days left until Christmas and one Patch Tuesday until Microsoft ends support for Windows 7 and Server 2008/2008 R2,” he said.

He also highlighted CVE-2019-1458 patch as the flaw is being exploited in the wild, and noted that Microsoft also released details on an XP SP3 vulnerability (CVE-2019-1489), but no patch will be forthcoming.

“Google has released an update for Chrome, resolving 51 vulnerabilities and Adobe has also released several updates; Adobe Reader is the most concerning with 21 vulnerabilities being resolved,” said Goettl. “An Adobe Flash Player release was issued today but is not security related.”

Quiz: How well do you know Microsoft?

Tom Jowitt @TJowitt

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Recent Posts

So, you want to be a CIO?

The role of the CIO is evolving with more of a focus on revenue and strategy, according to the 2019…

1 day ago

Twitter Demands AI Firm Cease Facial Image Collection

Privacy concern. Cease-and-desist letter from Twitter to AI firm Clearview demands it stop collecting photos from social media platforms

1 day ago

Sonos Boss Apologises For Update Controversy

Sonos CEO says sorry for anger caused by its update policy, and says it will support legacy products “for as…

1 day ago

Apple Cautions EU About Common Charger Push

Apple has cautioned against the renewed EU push for a common mobile charger, warning that losing its Lightning port will…

2 days ago

US Tells UK It Still Has ‘Significant Concerns’ Over Huawei

With a UK decision on Huawei expected by the end of the month, US officials maintain 'significant concerns' about the…

2 days ago

Apple Fixed Tracking Flaws In Safari, But Google Director Disagrees

Google identified multiple privacy flaws in Apple's Safari browser, which the iPad maker said it has fixed, but a Google…

2 days ago