Have you tackled December's Patch Tuesday? Here at Automox, we're tuned in and ready for the latest patches and updates coming from Windows, macOS, and third-party applications. We have tracked the patches as they became available to the masses and inserted all releases into the below index to help ensure you are minimizing your attack surface. We will have a breakdown blog released Wednesday.
This month's Patch Tuesday gave us 60 total vulnerabilities, 9 of which were critical. Microsoft dropped off 36 vulnerabilities with 7 of those being critical and CVE-2019-1458 being the lone zero-day. Adobe also dropped off 4 fixes, 2 of which were critical. Stay patched!
Updated Live. Last Update 1:14 PM Dec. 10 2019.
 Adobe |
|||
| Product |
Title
|
Identifier
|
Severity
|
| Acrobat & Reader | Security update available for Adobe Acrobat and Reader | APSB19-55 | High |
| Photoshop CC | Security update available for Adobe Photoshop CC | APSB19-56 | Critical |
| Brackets | Security update available for Brackets | APSB19-57 | Critical |
| ColdFusion | Security update available for ColdFusion | APSB19-58 | High |
 Mozilla Firefox |
|||
| Product |
Title
|
Identifier
|
Severity
|
| Firefox 71 | Use-after-free of SFTKSession object | CVE-2019-11756 | High |
| Firefox 71, ESR 68.3 & Thunderbird 68.3 | Use-after-free in worker destruction | CVE-2019-17008 | High |
| Firefox 71, ESR 68.3, & Thunderbird 68.3 | Stack corruption due to incorrect number of arguments in WebRTC code | CVE-2019-13722 | High |
| Firefox 71, ESR 68.3, & Thunderbird 68.3 | Out of bounds write in NSS when encrypting with a block cipher | CVE-2019-11745 | High |
| Firefox 71 | Dragging and dropping a cross-origin resource, incorrectly loaded as an image, could result in information disclosure | CVE-2019-17014 | Medium |
| Firefox 71, ESR 68.3, & Thunderbird 68.3 | Updater temporary files accessible to unprivileged processes | CVE-2019-17009 | Medium |
| Firefox 71, ESR 68.3, & Thunderbird 68.3 | Use-after-free when performing device orientation checks | CVE-2019-17010 | Medium |
| Firefox 71, ESR 68.3, & Thunderbird 68.3 | Buffer overflow in plain text serializer | CVE-2019-17005 | Medium |
| Firefox 71, ESR 68.3, & Thunderbird 68.3 | Use-after-free when retrieving a document in antitracking | CVE-2019-17011 | Medium |
| Firefox 71, ESR 68.3, & Thunderbird 68.3 | Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 | CVE-2019-17012 | High |
| Firefox 71 | Memory safety bugs fixed in Firefox 71 | CVE-2019-17013 | High |
 Microsoft |
|||
| Product |
Title
|
Identifier
|
Severity
|
| Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 | Latest Servicing Stack Updates | ADV990001 | Critical |
| Windows Hello for Business | Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business | ADV190026 | N/A |
| Visual Studio 2017 & 2019 | Git for Visual Studio Remote Code Execution Vulnerability | CVE-2019-1349 | Critical |
| Visual Studio 2017 & 2019 | Git for Visual Studio Remote Code Execution Vulnerability | CVE-2019-1350 | Critical |
| Visual Studio 2017 & 2019 | Git for Visual Studio Tampering Vulnerability | CVE-2019-1351 | Medium |
| Visual Studio 2017 & 2019 | Git for Visual Studio Remote Code Execution Vulnerability | CVE-2019-1352 | Critical |
| Visual Studio 2017 & 2019 | Git for Visual Studio Remote Code Execution Vulnerability | CVE-2019-1354 | Critical |
| TBD | TBD | CVE-2019-1355 | TBD |
| Visual Studio 2017 & 2019 | Git for Visual Studio Remote Code Execution Vulnerability | CVE-2019-1387 | Critical |
| Office 2010, 2013, 2016, 2019 & Office 365 Pro | Microsoft Access Information Disclosure Vulnerability | CVE-2019-1400 | High |
| Windows 7, 8, 10 & Server 2008, 2012, 2016, 2019 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | CVE-2019-1453 | Important |
| Windows 7, 8, 10 & Server 2008, 2012, 2016 | Win32k Elevation of Privilege Vulnerability | CVE-2019-1458 | Important |
| Office 2010, 2013, 2016, 2019 & Office 265 Pro | Microsoft Word Denial of Service Vulnerability | CVE-2019-1461 | High |
| Office 2010, 2013, 2016, 2019 & Office 365 Pro | Microsoft PowerPoint Remote Code Execution Vulnerability | CVE-2019-1462 | High |
| Office 2010, 2013, 2016, 2019 & Office 365 Pro | Microsoft Access Information Disclosure Vulnerability | CVE-2019-1463 | High |
| Excel 2010, 2013, 2016, 2019 & Office 365 Pro | Microsoft Excel Information Disclosure Vulnerability | CVE-2019-1464 | High |
| Windows 7, 8, 10 & Server 2008, 2012, 2016, 2019 | Windows GDI Information Disclosure Vulnerability | CVE-2019-1465 | High |
| Windows 7, 8, 10 & Server 2008, 2012, 2016, 2019 | Windows GDI Information Disclosure Vulnerability | CVE-2019-1466 | High |
| Windows 7, 8, 10 & Server 2008, 2012, 2016, 2019 | Windows GDI Information Disclosure Vulnerability | CVE-2019-1467 | High |
| Windows 7, 8, 10 & Server 2008, 2012, 2016 | Win32k Graphics Remote Code Execution Vulnerability | CVE-2019-1468 | Critical |
| Windows 7, 8, 10 & Server 2008, 2012, 2016, 2019 | Win32k Information Disclosure Vulnerability | CVE-2019-1469 | High |
| Windows 7, 8, 10 & Server 2008, 2012, 2016, 2019 | Windows Hyper-V Information Disclosure Vulnerability | CVE-2019-1470 | High |
| Windows 10 & Server 2019 | Windows Hyper-V Remote Code Execution Vulnerability | CVE-2019-1471 | Critical |
| Windows 10 & Server 2016, 2019 | Windows Kernel Information Disclosure Vulnerability | CVE-2019-1472 | High |
| Windows 7, 8, 10 & Server 2008, 2012, 2016, 2019 | Windows Kernel Information Disclosure Vulnerability | CVE-2019-1474 | High |
| Windows 10 & Server 2016, 2019 | Windows Elevation of Privilege Vulnerability | CVE-2019-1476 | Important |
| Windows 10 & Server 2019 | Windows Printer Service Elevation of Privilege Vulnerability | CVE-2019-1477 | Important |
| Windows 7 & Server 2008 | Windows COM Server Elevation of Privilege Vulnerability | CVE-2019-1478 | Important |
| Windows 7 | Windows Media Player Information Disclosure Vulnerability | CVE-2019-1480 | High |
| Windows 7 | Windows Media Player Information Disclosure Vulnerability | CVE-2019-1481 | High |
| Windows 10 & Server 2019 | Windows Elevation of Privilege Vulnerability | CVE-2019-1483 | Important |
| Windows 7, 8, 10 & Server 2008, 2012, 2016, 2019 | Windows OLE Remote Code Execution Vulnerability | CVE-2019-1484 | Important |
| Internet Explorer 9 & 11 | VBScript Remote Code Execution Vulnerability | CVE-2019-1485 | Important |
| Visual Studio 2019 & Visual Studio Live Share extension | Visual Studio Live Share Spoofing Vulnerability | CVE-2019-1486 | High |
| Microsoft Authentication Library (MSAL) for Android | Microsoft Authentication Library for Android Information Disclosure Vulnerability | CVE-2019-1487 | High |
| Windows 7, 8, 10 & Server 2008, 2012, 2016, 2019 | Microsoft Defender Security Feature Bypass Vulnerability | CVE-2019-1488 | Important |
| Microsoft Windows XP Service Pack 3 | Remote Desktop Protocol Information Disclosure Vulnerability | CVE-2019-1489 | High |
| Skype for Business Server 2019 | Skype for Business Server Spoofing Vulnerability | CVE-2019-1490 | Important |
 Apple |
|||
| Product |
Title
|
Identifier
|
Severity
|
| Xcode 11.3 | Out-of-bounds read addressed | CVE-2019-8840 | High |
| watchOS 5.3.4 | Out-of-bounds read addressed | CVE-2019-8830 | High |
| watchOS 6.1.1 | CallKit, CFNetwork Proxies, FaceTime, IOUSBDeviceFamily, Kernel, libexpat, Security, and WebKit | CVE-2019-8856, CVE-2019-8848, CVE-2019-8830, CVE-2019-8836, CVE-2019-8833, CVE-2019-8828, CVE-2019-8838, CVE-2019-15903, CVE-2019-8844 | High |
| tvOS 13.3 | CFNetwork Proxies, FaceTime, IOUSBDeviceFamily, Kernel, libexpat, Security, WebKit | CVE-2019-8848, CVE-2019-8830, CVE-2019-8836, CVE-2019-8833, CVE-2019-8828, CVE-2019-8838, CVE-2019-15903, CVE-2019-8844, CVE-2019-8846 | High |
| macOS Catalina, macOS Mojave, macOS High Sierra | ATS, Bluetooth, CallKit, CFNetwork Proxies, CUPS, FaceTime, Kernel, libexpat, OpenLDAP, Security, and tcpdump, | CVE-2019-8837, CVE-2019-8853, CVE-2019-8856, CVE-2019-8848, CVE-2019-8842, CVE-2019-8839, CVE-2019-8830, CVE-2019-8833, CVE-2019-8828, CVE-2019-8838, CVE-2019-8847, CVE-2019-8852, CVE-2019-15903, CVE-2019-1164, CVE-2019-2668, CVE-2019-4449, CVE-2019-1545, CVE-2019-13057, CVE-2019-13565, CVE-2019-8832, CVE-2019-16808, CVE-2019-10103, CVE-2019-10105, CVE-2019-14461, CVE-2019-14462, CVE-2019-14463, CVE-2019-14464, CVE-2019-14465, CVE-2019-14466, CVE-2019-14467, CVE-2019-14468, CVE-2019-14469, CVE-2019-14470, CVE-2019-14879, CVE-2019-14880, CVE-2019-14881, CVE-2019-14882, CVE-2019-16227, CVE-2019-16228, CVE-2019-16229, CVE-2019-16230, CVE-2019-16300, CVE-2019-16301, CVE-2019-16451, CVE-2019-16452, CVE-2019-15161, CVE-2019-15162, CVE-2019-15163, CVE-2019-15164, CVE-2019-15164, CVE-2019-15165, CVE-2019-15166, CVE-2019-15167 | High |
| Safari 13.0.4 | WebKit | CVE-2019-8835, CVE-2019-8844, CVE-2019-8846 | High |
| iOS 13.3 and iPadOS 13.3 | CallKit, CFNetwork Proxies, FaceTime, IOSurfaceAccelerator, IOUSBDeviceFamily, Kernel, libexpat, Photos, Security, and WebKit | CVE-2019-8856, CVE-2019-8848, CVE-2019-8830, CVE-2019-8841, CVE-2019-8836, CVE-2019-8833, CVE-2019-8828, CVE-2019-8838, CVE-2019-15903, CVE-2019-8857, CVE-2019-8832, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846 | High |