Microsoft Patches Just 36 Flaws in December
Microsoft has taken pity on system administrators by ending the year with a relatively light patch load fixing just 36 vulnerabilities.
The update round includes seven critical flaws and one being actively exploited in the wild: CVE-2019-1458, a privilege escalation vulnerability in the Win32k component.
Although it’s only listed as “important,” security experts urge admins to prioritize a fix for that bug. Recorded Future intelligence analyst, Allan Liska explained that an exploit for a similar vulnerability, CVE-2019-0859, was found being sold on underground markets earlier this year.
Elsewhere, five of the seven critical vulnerabilities patched (CVE-2019-1354, CVE-2019-1350, CVE-2019-1352, CVE-2019-1387, and CVE-2019-1349) are in Git for Visual Studio.
In this attack scenario an attacker would need to convince a developer to clone a malicious repository. This may be tricky, but the rewards are potentially big, according to Ivanti director of security solutions, Chris Goettl.
“This is a sp ..
Support the originator by clicking the read the rest link below.