Patch Tuesday Fixes Zero-Day Flaw, As Windows 7 Cut Off Looms

Microsoft has released the December edition of its Patch Tuesday security update, that fixes a zero-day flaw with the Windows operating system.

Redmond has resolved 36 vulnerabilities with its last patch update of 2019, one of which is confirmed to be exploited in the wild. Of the 36 vulnerabilities, 7 are rated as critical, 27 important, 1 moderate, and one is low in severity.

The latest security updates comes amid a looming deadline of the end of life for Windows 7 and Server 2008/2008 R2, as Microsoft will stop providing support for these platforms in January 2020. That said, Windows 7 is said to be down to 27 percent of desktop versions worldwide, so systems administrators face a busy month ahead if planning migrations.

Patch Tuesday

With only seven vulnerabilities being labelled as critical, security experts agree this month’s Patch Tuesday update is relatively light.

“Five of the seven Critical vulns are in Git for Visual Studio,” said Jimmy Graham, senior director of product management at Qualys. “The others are for Hyper-V and Win32k. Also, there is one actively attacked “Important” vuln in Win32k. Adobe released patches today covering Acrobat/Reader, ColdFusion, Photoshop, and Brackets.”

“Win32k patches (CVE-2019-1468 and CVE-2019-1458) should be prioritised for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users,” said Graham.

Though ranked as important, Microsoft warned CVE-2019-1458 is actively attacked in the wild.

There is a remote code execution vulnerability (CVE-2019-1471) that has been patched in Hyper-V that would allow an authenticated user on a guest system to run arbitrary code on the host system.

Microsoft also patched 5 vulnerabilities (CVE-2019-1354, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387, and CVE-2019-1349) in Git for Visual Studio.

Graham from Qualys also pointed out that Adobe’s Patch Tuesday covers Acrobat/Reader, ColdFusion, Photoshop, and Brackets that resolve 21 vulnerabilities in total.

Windows 7 support

Chris Goettl, director of security solutions at Ivanti meanwhile pointed out that Google has released an update for Chrome that resolves 51 vulnerabilities, and he highlighted the end of life issue for Windows 7 users.

“It is December Patch Tuesday! There are 14 shopping/patching days left until Christmas and one Patch Tuesday until Microsoft ends support for Windows 7 and Server 2008/2008 R2,” he said.

He also highlighted CVE-2019-1458 patch as the flaw is being exploited in the wild, and noted that Microsoft also released details on an XP SP3 vulnerability (CVE-2019-1489), but no patch will be forthcoming.

“Google has released an update for Chrome, resolving 51 vulnerabilities and Adobe has also released several updates; Adobe Reader is the most concerning with 21 vulnerabilities being resolved,” said Goettl. “An Adobe Flash Player release was issued today but is not security related.”

Quiz: How well do you know Microsoft?

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Gloucester City Council Confirms ‘Cyber Incident’

Council IT services hit by so called 'sleeper' malware, with media reports pointing the finger…

17 hours ago

Gigabyte Broadband Pledge At Risk, Warns Spending Watchdog

UK pledge to close the digital divide of broadband services for urban and rural customers…

19 hours ago

UK To Address Marketing Of High Risk Crypto Investments

British financial watchdog says it will curb the marketing of cryptoassets and other high-risk investments,…

21 hours ago

Tesla Driver Charged With Manslaughter After Autopilot Crash

Criminal charges for the first time in fatal crash involving Tesla's Autopilot, as driver is…

23 hours ago