Today we come to the end of 2019's monthly Microsoft Patch Tuesday (also known as Update Tuesday). This Christmas, Microsoft presents us with 36 vulnerabilities (that's two less than this time last year!) and no new vulnerabilities from Adobe for Adobe Flash.
Unfortunately, despite a light month, there's still action to be taken. CVE-2019-1458, an Elevation of Privilege vulnerability has been detected as something actively being (or has been) exploited. Due to a flaw in how the Win32k component handles objects in memory, an already logged in user could be tricked into running vulnerable code, allowing an attacker to install programs and/or create new accounts under elevated privileges.
Outside of the one exploited vulnerability, the next set of vulnerabilities of interest are the two marked Critical (not actively exploited, though): CVE-2019-1468 and CVE-2019-1471. Both of which are remote code execution vulnerabilities that require some sort of phishing aspect to get a user to complete an action, such as clicking on a specific link or opening an e-mail attachment. With this in mind, the more critical vulnerabilities disclosed this Patch Tuesday can be resolved by applying the latest set of Operating System patches.
On the Microsoft Scripting Engine (browsers) front, we are graced with a single vulnerability (CVE-2019-1485). Although it has a lower CVSS score than the previously mentioned vulnerabilities, Microsoft has regarded this vulnerability ..
Support the originator by clicking the read the rest link below.
