December 2019 Patch Tuesday running commentary
I’m looking at 133 downloadable patches on the Update Catalog.
Dustin Childs reports on the Zero Day Initiative blog:
Microsoft released security patches for a mere 36 CVEs [separately identified security holes]. While this is a much lower quantity of CVEs compared to other months, it is quite common for Microsoft to have a light December release. None of the patches released this month are listed as publicly known, but one is listed as being actively exploited at the time of release.
That exploited security hole, CVE-2019-1458, is described as:
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.
I’m not going to lose any sleep over it.
Martin Brinkmann has his usual thorough report on ghacks.
Remarkably, according to the Update History page, the 1903 and 1909 patches have not diverged just yet. It’ll be interesting to see if MS fixed the File Explorer Search bugs in 1909 that have been widely reported.
Mary Jo Foley reports that the Win7 Monthly Rollup includes a nag screen about upgrading to Win10. (The Security-only Update also includes the nag screen.) Sure enough, the Monthly Rollup KB article says:
IMPORTANT Starting on January 15, 2020, a full-screen notification will appear that describes the risk of continuing to use Windows 7 Service Pack 1 after it reaches end of support on January 14, 2020. The notification will remain on the screen until you interact with it. This notification will only appear on the following editions of Windows 7 Service Pack 1:
- Starter.
- Home Basic.
- Home Premium.
- Professional. If you have purchased the Extended Security Update (ESU), the notification will not appear. For more information, see How to get Extended Security Updates for eligible Windows devices and Lifecycle FAQ-Extended Security Updates.
- Ultimate.
Note The notification will not appear on domain-joined machines or machines in kiosk mode.
Looks like an uncharacteristically drama-free bunch of patches. (Although it’s typical for December.) We’ll keep you posted on any identified bugs, of course.
UPDATE: AutoPilot’s back – Win10 1909 Pro users are being offered an AutoPilot fix — even if they don’t have AutoPilot. The KB article has been updated to say it’s been re-issued. Back in October, MS admitted that the AutoPilot patch had been pushed to Pro users incorrectly – and that it was offered repeatedly, even after it was installed. Wonder if we’ll see it pulled again?
And the 1909 cumulative update doesn’t fix the File Explorer Search bug. See this Reddit thread.