Microsoft’s December 2019 Patch Tuesday, which means it is your job to be nice to Windows administrators everywhere and not to take it personal if they are a bit grouchy today.
With the release of the December 2019 security updates, Microsoft has released 2 advisories and updates for 36 vulnerabilities. Of these vulnerabilities, 7 are classified as Critical, 27 as Important, 1 as Moderate, and one as Low.
One of the ‘Important’ vulnerabilities fixed today is a zero-day privilege elevation vulnerability that was discovered being actively exploited in the wild.
All users should install these security updates as soon as possible in order to protect Windows from known security risks.
Zero-day privilege elevation vulnerability in Win32k fixed
The December 2019 Patch Tuesday fixes an zero-day privilege elevation vulnerability in the Win32k component that Kaspersky Lab researchers Anton Ivanov and Alexey Kulaev discovered being actively exploited.
This vulnerability is titled “CVE-2019-1458 | Win32k Elevation of Privilege Vulnerability” and could allow an attacker to execute commands in kernel mode, which means that it has full access to the operating system.