H

ave you tackled December's Patch Tuesday? Here at Automox, we're tuned in and ready for the latest patches and updates coming from Windows, macOS, and third-party applications. We have tracked the patches as they became available to the masses and inserted all releases into the below index to help ensure you are minimizing your attack surface. We will have a breakdown blog released Wednesday.

This month's Patch Tuesday gave us 60 total vulnerabilities, 9 of which were critical. Microsoft dropped off 36 vulnerabilities with 7 of those being critical and CVE-2019-1458 being the lone zero-day. Adobe also dropped off 4 fixes, 2 of which were critical. Stay patched!

Updated Live. Last Update 1:14 PM Dec. 10 2019.

AdobeA Adobe
Product
Title
Identifier
Severity
Acrobat & Reader Security update available for Adobe Acrobat and Reader APSB19-55 High
Photoshop CC Security update available for Adobe Photoshop CC APSB19-56 Critical
Brackets Security update available for Brackets APSB19-57 Critical
ColdFusion Security update available for ColdFusion APSB19-58 High
firefoxMozilla Firefox
Product
Title
Identifier
Severity
Firefox 71 Use-after-free of SFTKSession object CVE-2019-11756 High
Firefox 71, ESR 68.3 & Thunderbird 68.3 Use-after-free in worker destruction CVE-2019-17008 High
Firefox 71, ESR 68.3, & Thunderbird 68.3 Stack corruption due to incorrect number of arguments in WebRTC code CVE-2019-13722 High
Firefox 71, ESR 68.3, & Thunderbird 68.3 Out of bounds write in NSS when encrypting with a block cipher CVE-2019-11745 High
Firefox 71 Dragging and dropping a cross-origin resource, incorrectly loaded as an image, could result in information disclosure CVE-2019-17014 Medium
Firefox 71, ESR 68.3, & Thunderbird 68.3 Updater temporary files accessible to unprivileged processes CVE-2019-17009 Medium
Firefox 71, ESR 68.3, & Thunderbird 68.3 Use-after-free when performing device orientation checks CVE-2019-17010 Medium
Firefox 71, ESR 68.3, & Thunderbird 68.3 Buffer overflow in plain text serializer CVE-2019-17005 Medium
Firefox 71, ESR 68.3, & Thunderbird 68.3 Use-after-free when retrieving a document in antitracking CVE-2019-17011 Medium
Firefox 71, ESR 68.3, & Thunderbird 68.3 Memory safety bugs fixed in Firefox 71 and Firefox ESR 68.3 CVE-2019-17012 High
Firefox 71 Memory safety bugs fixed in Firefox 71 CVE-2019-17013 High
microsoftMicrosoft
Product
Title
Identifier
Severity
Windows 7, 8, 10 and Server 2008, 2012, 2016, 2019 Latest Servicing Stack Updates ADV990001 Critical
Windows Hello for Business Microsoft Guidance for cleaning up orphaned keys generated on vulnerable TPMs and used for Windows Hello for Business ADV190026 N/A
Visual Studio 2017 & 2019 Git for Visual Studio Remote Code Execution Vulnerability CVE-2019-1349 Critical
Visual Studio 2017 & 2019 Git for Visual Studio Remote Code Execution Vulnerability CVE-2019-1350 Critical
Visual Studio 2017 & 2019 Git for Visual Studio Tampering Vulnerability CVE-2019-1351 Medium
Visual Studio 2017 & 2019 Git for Visual Studio Remote Code Execution Vulnerability CVE-2019-1352 Critical
Visual Studio 2017 & 2019 Git for Visual Studio Remote Code Execution Vulnerability CVE-2019-1354 Critical
TBD TBD CVE-2019-1355 TBD
Visual Studio 2017 & 2019 Git for Visual Studio Remote Code Execution Vulnerability CVE-2019-1387 Critical
Office 2010, 2013, 2016, 2019 & Office 365 Pro Microsoft Access Information Disclosure Vulnerability CVE-2019-1400 High
Windows 7, 8, 10 & Server 2008, 2012, 2016, 2019 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability CVE-2019-1453 Important
Windows 7, 8, 10 & Server 2008, 2012, 2016 Win32k Elevation of Privilege Vulnerability CVE-2019-1458 Important
Office 2010, 2013, 2016, 2019 & Office 265 Pro Microsoft Word Denial of Service Vulnerability CVE-2019-1461 High
Office 2010, 2013, 2016, 2019 & Office 365 Pro Microsoft PowerPoint Remote Code Execution Vulnerability CVE-2019-1462 High
Office 2010, 2013, 2016, 2019 & Office 365 Pro Microsoft Access Information Disclosure Vulnerability CVE-2019-1463 High
Excel 2010, 2013, 2016, 2019 & Office 365 Pro Microsoft Excel Information Disclosure Vulnerability CVE-2019-1464 High
Windows 7, 8, 10 & Server 2008, 2012, 2016, 2019 Windows GDI Information Disclosure Vulnerability CVE-2019-1465 High
Windows 7, 8, 10 & Server 2008, 2012, 2016, 2019 Windows GDI Information Disclosure Vulnerability CVE-2019-1466 High
Windows 7, 8, 10 & Server 2008, 2012, 2016, 2019 Windows GDI Information Disclosure Vulnerability CVE-2019-1467 High
Windows 7, 8, 10 & Server 2008, 2012, 2016 Win32k Graphics Remote Code Execution Vulnerability CVE-2019-1468 Critical
Windows 7, 8, 10 & Server 2008, 2012, 2016, 2019 Win32k Information Disclosure Vulnerability CVE-2019-1469 High
Windows 7, 8, 10 & Server 2008, 2012, 2016, 2019 Windows Hyper-V Information Disclosure Vulnerability CVE-2019-1470 High
Windows 10 & Server 2019 Windows Hyper-V Remote Code Execution Vulnerability CVE-2019-1471 Critical
Windows 10 & Server 2016, 2019 Windows Kernel Information Disclosure Vulnerability CVE-2019-1472 High
Windows 7, 8, 10 & Server 2008, 2012, 2016, 2019 Windows Kernel Information Disclosure Vulnerability CVE-2019-1474 High
Windows 10 & Server 2016, 2019 Windows Elevation of Privilege Vulnerability CVE-2019-1476 Important
Windows 10 & Server 2019 Windows Printer Service Elevation of Privilege Vulnerability CVE-2019-1477 Important
Windows 7 & Server 2008 Windows COM Server Elevation of Privilege Vulnerability CVE-2019-1478 Important
Windows 7 Windows Media Player Information Disclosure Vulnerability CVE-2019-1480 High
Windows 7 Windows Media Player Information Disclosure Vulnerability CVE-2019-1481 High
Windows 10 & Server 2019 Windows Elevation of Privilege Vulnerability CVE-2019-1483 Important
Windows 7, 8, 10 & Server 2008, 2012, 2016, 2019 Windows OLE Remote Code Execution Vulnerability CVE-2019-1484 Important
Internet Explorer 9 & 11 VBScript Remote Code Execution Vulnerability CVE-2019-1485 Important
Visual Studio 2019 & Visual Studio Live Share extension Visual Studio Live Share Spoofing Vulnerability CVE-2019-1486 High
Microsoft Authentication Library (MSAL) for Android Microsoft Authentication Library for Android Information Disclosure Vulnerability CVE-2019-1487 High
Windows 7, 8, 10 & Server 2008, 2012, 2016, 2019 Microsoft Defender Security Feature Bypass Vulnerability CVE-2019-1488 Important
Microsoft Windows XP Service Pack 3 Remote Desktop Protocol Information Disclosure Vulnerability CVE-2019-1489 High
Skype for Business Server 2019 Skype for Business Server Spoofing Vulnerability CVE-2019-1490 Important
appleApple
Product
Title
Identifier
Severity
Xcode 11.3 Out-of-bounds read addressed CVE-2019-8840 High
watchOS 5.3.4 Out-of-bounds read addressed CVE-2019-8830 High
watchOS 6.1.1 CallKit, CFNetwork Proxies, FaceTime, IOUSBDeviceFamily, Kernel, libexpat, Security, and WebKit CVE-2019-8856, CVE-2019-8848, CVE-2019-8830, CVE-2019-8836, CVE-2019-8833, CVE-2019-8828, CVE-2019-8838, CVE-2019-15903, CVE-2019-8844 High
tvOS 13.3 CFNetwork Proxies, FaceTime, IOUSBDeviceFamily, Kernel, libexpat, Security, WebKit CVE-2019-8848, CVE-2019-8830, CVE-2019-8836, CVE-2019-8833, CVE-2019-8828, CVE-2019-8838, CVE-2019-15903, CVE-2019-8844, CVE-2019-8846 High
macOS Catalina, macOS Mojave, macOS High Sierra ATS, Bluetooth, CallKit, CFNetwork Proxies, CUPS, FaceTime, Kernel, libexpat, OpenLDAP, Security, and tcpdump, CVE-2019-8837, CVE-2019-8853, CVE-2019-8856, CVE-2019-8848, CVE-2019-8842, CVE-2019-8839, CVE-2019-8830, CVE-2019-8833, CVE-2019-8828, CVE-2019-8838, CVE-2019-8847, CVE-2019-8852, CVE-2019-15903, CVE-2019-1164, CVE-2019-2668, CVE-2019-4449, CVE-2019-1545, CVE-2019-13057, CVE-2019-13565, CVE-2019-8832, CVE-2019-16808, CVE-2019-10103, CVE-2019-10105, CVE-2019-14461, CVE-2019-14462, CVE-2019-14463, CVE-2019-14464, CVE-2019-14465, CVE-2019-14466, CVE-2019-14467, CVE-2019-14468, CVE-2019-14469, CVE-2019-14470, CVE-2019-14879, CVE-2019-14880, CVE-2019-14881, CVE-2019-14882, CVE-2019-16227, CVE-2019-16228, CVE-2019-16229, CVE-2019-16230, CVE-2019-16300, CVE-2019-16301, CVE-2019-16451, CVE-2019-16452, CVE-2019-15161, CVE-2019-15162, CVE-2019-15163, CVE-2019-15164, CVE-2019-15164, CVE-2019-15165, CVE-2019-15166, CVE-2019-15167 High
Safari 13.0.4 WebKit CVE-2019-8835, CVE-2019-8844, CVE-2019-8846 High
iOS 13.3 and iPadOS 13.3 CallKit, CFNetwork Proxies, FaceTime, IOSurfaceAccelerator, IOUSBDeviceFamily, Kernel, libexpat, Photos, Security, and WebKit CVE-2019-8856, CVE-2019-8848, CVE-2019-8830, CVE-2019-8841, CVE-2019-8836, CVE-2019-8833, CVE-2019-8828, CVE-2019-8838, CVE-2019-15903, CVE-2019-8857, CVE-2019-8832, CVE-2019-8835, CVE-2019-8844, CVE-2019-8846 High
# of endpoints

15-day free trial. No credit card required.

By submitting this form you agree to our terms of service.

Already have an account?