Microsoft’s December 2019 Patch Tuesday addresses 36 vulnerabilities, seven of which are rated Critical, 28 Important, and one Moderate. The Critical flaws, which can lead to remote code execution, affect Git for Visual Studio (five CVEs), Win32k Graphic (CVE-2019-1468) and Windows Hyper-V (CVE-2019-1471).
Among the “Important” vulnerabilities, CVE-2019-1458 is a privilege elevation vulnerability in Windows' Win32k component. An attacker can exploit this vulnerability by logging onto a system, then running a specially crafted application that would allow them to take complete control of the system and execute arbitrary code in kernel mode. This zero-day bug is actively exploited in the wild before the patch release in a campaign dubbed Operation WizardOpium.
System administrators are advised to apply the latest security update to mitigate against attacks targeting Windows systems. Priority must be given to Win32k patches given that CVE-2019-1468 can be exploited by luring users to a specially crafted web page while CVE-2019-1458 is being exploited in the wild.
References:Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium
More Weekly Cyber Newsanalysis and insights
Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.
Ensign Systems Integration
Architecting and implementing cybersecurity solutions that bolster defences
Ensign Managed Security Services
Managing your security operations for advanced threat detection, continuous monitoring, and triage services