December 12, 2019
December 2019 Threat Intelligence (CRITICAL ALERT)
This month, Microsoft have patched 36 vulnerabilities, 7 of them ranked critical. This makes the final Patch Tuesday of 2019 the smallest release we’ve had all year. One of the ‘Important’ vulnerabilities fixed today is a zero-day privilege elevation vulnerability that was discovered being actively exploited in the wild. All users are advised to install these security updates as soon as possible to ensure Windows is protected from these security risks. Full information on this month’s patches can be found here: https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/2019-Dec
Zero-day privilege elevation vulnerability in Win32k fixed
This vulnerability is titled “CVE-2019-1458 | Win32k Elevation of Privilege Vulnerability” and could allow an attacker to execute commands in kernel mode, giving them full access to the operating system.
This Windows vulnerability was chained together with a Chrome zero-day as part of an attack called Operation WizardOpium that was detected last month.
Two advisories released
As well as the security updates, Microsoft released two advisories this week. One is a servicing stack update and the other provides guidance on how to remove orphaned Windows Hello for Business (WHfB) public keys that were created by vulnerable TPM devices.
- ADV190026 – Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business
- ADV990001 – Latest Servicing Stack Updates
Patching is important…
Security vulnerabilities are the ‘low hanging fruit’ for hackers. Patching is essential to keep your information safe. It is also good practice to back up your system or at least your data before you apply any updates.
Customers are advised to follow these security tips:
- Install vendor patches immediately when available.
- Run all software with least privileges while still maintaining functionality.
- Do not handle files from questionable sources.
- Avoid visiting sites with unknown integrity.
- Block external access at the network perimeter to all key systems unless access is necessary.
About CyberOne
CyberOne is a government-approved Cyber Security and IT Managed Service Provider, supporting clients 24/7 from our ISO27001-accredited UK Security Operations Centre (SOC). Located at the heart of a high security, controlled-access Tier 3 data centre, CyberOne’s state-of-the-art UK Cyber Defence Centre (SOC) targets, hunts & disrupts hacker behaviour, as part of a multi-layered security defence, to help secure some of the UK’s leading organisations.