Site icon SnapInHIPAA

Microsoft December Patch Tuesday Overview

Microsoft has issued patches for 39 vulnerabilities this December 2018 Patch Tuesday. Of the vulnerabilities, 10 were rated critical, 9 of which were in Microsoft products and one in Adobe Flash player. Two vulnerabilities were identified as being actively exploited in the wild.

The patches cover the following products and services: Microsoft Windows, Microsoft Office, Internet Explorer, Microsoft Edge, Microsoft Office SharePoint, Microsoft Graphics Component, Microsoft Exchange Server Microsoft Dynamics, Microsoft Scripting Engine, Microsoft Windows DNS, Visual Studio, Windows Authentication Methods, Windows Azure Pack, Windows Kernel, Windows Kernel-Mode Drivers, and .NET Framework.

The critical vulnerabilities affect the Chakra Scripting Engine of Microsoft Edge (5), .NET framework (1), Microsoft Text-to-Speech (1), Internet Explorer (1), and Windows DNS server (1).

In response to a number of recently discovered vulnerabilities, Adobe has released 87 updates. Of these updates, 39 were rated critical and could allow an attacker to execute arbitrary code or elevate privileges on vulnerable devices. Many of the vulnerabilities could be used together to give an attacker full control of a vulnerable computer.  Some of the patches were directed at Acrobat and PDF Reader products. The bundle included a patch for yet another zero-day flaw in Flash Player that is already being exploited in the wild.

These patches are in addition to an out-of-bounds update issued earlier in December to fix two actively exploited vulnerabilities.

All patches should be applied as soon as possible.

Exit mobile version