Security News

Microsoft Security Bulletin Coverage for December 2019

By

SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of December 2019. A list of issues reported, along with SonicWall coverage information are as follows:

CVE-2019-1332 Microsoft SQL Server Reporting Services XSS Vulnerability
There are no known exploits in the wild.
CVE-2019-1349 Git for Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1350 Git for Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1351 Git for Visual Studio Tampering Vulnerability
There are no known exploits in the wild.
CVE-2019-1352 Git for Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1354 Git for Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1387 Git for Visual Studio Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1400 Microsoft Access Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1453 Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-1458 Win32k Elevation of Privilege Vulnerability
ASPY 5854:Malformed-File exe.MP.114
CVE-2019-1461 Microsoft Word Denial of Service Vulnerability
There are no known exploits in the wild.
CVE-2019-1462 Microsoft PowerPoint Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1463 Microsoft Access Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1464 Microsoft Excel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1465 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1466 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1467 Windows GDI Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1468 Win32k Graphics Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1469 Win32k Information Disclosure Vulnerability
ASPY 5855:Malformed-File exe.MP.115
CVE-2019-1470 Windows Hyper-V Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1471 Windows Hyper-V Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1472 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1474 Windows Kernel Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1476 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1477 Windows Printer Service Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1478 Windows COM Server Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1480 Windows Media Player Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1481 Windows Media Player Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1483 Windows Elevation of Privilege Vulnerability
There are no known exploits in the wild.
CVE-2019-1484 Windows OLE Remote Code Execution Vulnerability
There are no known exploits in the wild.
CVE-2019-1485 VBScript Remote Code Execution Vulnerability
ASPY 14631:VBScript Remote Code Execution Vulnerability (DEC 19) 1
CVE-2019-1486 Visual Studio Live Share Spoofing Vulnerability
There are no known exploits in the wild.
CVE-2019-1487 Microsoft Authentication Library for Android Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1488 Microsoft Defender Security Feature Bypass Vulnerability
There are no known exploits in the wild.
CVE-2019-1489 Remote Desktop Protocol Information Disclosure Vulnerability
There are no known exploits in the wild.
CVE-2019-1490 Skype for Business and Lync Spoofing Vulnerability
There are no known exploits in the wild.

Security News
The SonicWall Capture Labs Threat Research Team gathers, analyzes and vets cross-vector threat information from the SonicWall Capture Threat network, consisting of global devices and resources, including more than 1 million security sensors in nearly 200 countries and territories. The research team identifies, analyzes, and mitigates critical vulnerabilities and malware daily through in-depth research, which drives protection for all SonicWall customers. In addition to safeguarding networks globally, the research team supports the larger threat intelligence community by releasing weekly deep technical analyses of the most critical threats to small businesses, providing critical knowledge that defenders need to protect their networks.
Recommended Cyber Security Stories
OrcaKiller: A RAT using Windows Crypto API functions
Spammed zipped Trojans (Sep 4, 2008)
Debug build of Jigsaw Ransomware contains SMTP email credentials
Recent Microsoft Office Zero Day (CVE-2017-0199) attacks spotted in the wild (Apr 13, 2017)
Increase in Andromeda botnet spam (April 26, 2013)
Microsoft Publisher Memory Corruption (Dec 21, 2011)
New ZBot Variant (Feb 12, 2009)
Microsoft Security Bulletin Coverage for January 2021