On Tuesday, Microsoft released the security patch for December. The recent update will resolve several bugs, including the zero-day in windows OS. The firm revealed that the vulnerability is real when the Win32k unable to handle the memory properly. If an intruder successfully managed to exploit the weakness, he could easily access any arbitrary code. Once it runs codes in the computer, the attackers could install various programs, delete any existing important files, or could create new accounts by accessing the users’ information. The firm praised the Kaspersky Lab, which played an important role in discovering the major flaw in the system.
Apart from the zero-day, the firm successfully resolved as many as 36 security flaws and bugs with the recent update. Among the 36 resolved issues, seven were extremely critical, the company claimed. On the other hand, the update size is quite small in comparison to the previous updates. The December security patch is the smallest in the current year, during one of the smallest in last the three years. CVE- 2019- 1468 and CVE- 2019- 1471 are the other important potential threats resolve through this update.
Apart from the zero-day in windows, the update fixed several other issues related to SQL Server, Microsoft Office, Visual Studio, Microsoft Office Services, and Skype for Business.
Some of the Important Updates
SQL Server got a bug fix called CVE- 2019- 1332, where the update fixed the existing XSS vulnerability. Visual Studio received two important updates called CVE- 2019- 1354 and CVE- 2019- 1351. Through these two updates, Microsoft fixed the remote code and tampering vulnerability, respectively. Through the CVE- 2019- 1480, the firm resolved the information disclosure threat from the Windows Media Player. Windows Hyper- V also got a couple of critical updates, CVE- 2019- 1471 and CVE- 2019- 1470, where Microsoft fixed any possible threat from the personal information leaks and remote execution threat.