Patch Tuesday December 2019: Update Highlights and Known Issues
Patch Tuesday December 2019
Microsoft rolled out the Patch Tuesday December 2019 updates on December 10, 2019. As always, with this batch of updates, the Redmond giant focuses on improving the overall functionality of the OS and fixing existing bugs.
This month’s update are all about improving security when Windows performs basic operations. If you want to install the latest updates, you can check out this guide where you’ll also find the direct download links.
We already covered the key changes in these posts. Do check them out to learn what’s new:
- Patch Tuesday brings a whole new level of day-to-day security
- Download Adobe Patch Tuesday Updates [December 2019]
- Patch Tuesday improves game controller and webcam security
- KB4530689 improves mouse, keyboard and stylus security
- KB4530715 fixes Microsoft Store launch issues on ARM devices
- KB4530684 improves the Windows Kernel and Virtualization
What are the main updates
- Internet Explorer
This month’s Patch Tuesday updates added many security improvements for Internet Explorer. In this manner, Microsoft makes sure the browser remains one of the safest browsing tools to use.
Download KB4530677 to install the latest IE security patches.
- Microsoft Office
Microsoft Office is a productivity suite that includes Microsoft Word, Microsoft Excel, and Microsoft PowerPoint. The software package is used by over one billion users worldwide. Patch Tuesday brought many improve security for all the Microsoft Office products.
More specifically, this round of updates fixed a denial of service vulnerability that existed in Microsoft Word, Excel, PowerPoint and Microsoft Access where the tools failed to properly handle objects in memory. Hackers could then use a specially crafted document to cause a remote denial of service against the system.
The December Patch security updates correct how Microsoft Word handles objects in memory so as to fix this security issue.
- Microsoft Windows
Microsoft rolls out different Patch Tuesday updates for all the Windows 10 versions currently supported. For more information on the latest updates, check out our Windows 10 Patch Tuesday update history page.
- Microsoft Hyper-V
Hyper-V is Windows 10‘s built-in hypervisor. You can use this tool to emulate various third-party software and operating systems on your computer. The latest Patch Tuesday updates improved Hyper-V’s functionality by fixing an information disclosure vulnerability on a host operating system that failed to properly validate input from an authenticated user. Microsoft fixed this issue by correcting how Hyper-V validates guest operating system user input.
The Graphics Device Interface (also known as GDI) is a Windows component that represents graphical objects to monitors and printers. This month’s cumulative updates fixed a Graphics Device Interface vulnerability that caused the Windows GDI component to improperly discloses the contents of its memory.
- Visual Studio
Microsoft fixed a spoofing vulnerability in Visual Studio Live Share that allowed hackers to redirect guests to an arbitrary URL without consent from the guest.
- Win32k
Microsoft patched a critical elevation of privilege vulnerability that allowed hackers to compromise users’ systems.
- Microsoft improved security when using external devices
The December 2019 Patch Tuesday updates improved security when using external devices, as well as input devices. In other words, hackers will have a really difficult time trying to use your game controllers, printers, webcams, mouse or keyboard in order to inject malware into your PC or take over your device.
- Windows on ARM
Microsoft Store should no longer fail to launch on Windows 10 on ARM device. Patch Tuesday fixed this problem.
- Adobe
Adobe rolled out four security improvements in December. You can read more about each update in this quick guide.
Patch Tuesday list of CVEs
If you want to learn more about this month’s list of common vulnerabilities and exposures, you can check out the table below:
| CVE | Title | Severity |
| CVE-2019-1458 | Win32k Elevation of Privilege Vulnerability | Important |
| CVE-2019-1349 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| CVE-2019-1350 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| CVE-2019-1352 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| CVE-2019-1354 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| CVE-2019-1387 | Git for Visual Studio Remote Code Execution Vulnerability | Critical |
| CVE-2019-1468 | Win32k Graphics Remote Code Execution Vulnerability | Critical |
| CVE-2019-1471 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
| CVE-2019-1332 | Microsoft SQL Server Reporting Services XSS Vulnerability | Important |
| CVE-2019-1400 | Microsoft Access Information Disclosure Vulnerability | Important |
| CVE-2019-1453 | Windows Remote Desktop Protocol (RDP) Denial of Service Vulnerability | Important |
| CVE-2019-1461 | Microsoft Word Denial of Service Vulnerability | Important |
| CVE-2019-1462 | Microsoft PowerPoint Remote Code Execution Vulnerability | Important |
| CVE-2019-1463 | Microsoft Access Information Disclosure Vulnerability | Important |
| CVE-2019-1464 | Microsoft Excel Information Disclosure Vulnerability | Important |
| CVE-2019-1465 | Windows GDI Information Disclosure Vulnerability | Important |
| CVE-2019-1466 | Windows GDI Information Disclosure Vulnerability | Important |
| CVE-2019-1467 | Windows GDI Information Disclosure Vulnerability | Important |
| CVE-2019-1469 | Win32k Information Disclosure Vulnerability | Important |
| CVE-2019-1470 | Windows Hyper-V Information Disclosure Vulnerability | Important |
| CVE-2019-1472 | Windows Kernel Information Disclosure Vulnerability | Important |
| CVE-2019-1474 | Windows Kernel Information Disclosure Vulnerability | Important |
| CVE-2019-1476 | Windows Elevation of Privilege Vulnerability | Important |
| CVE-2019-1477 | Windows Printer Service Elevation of Privilege Vulnerability | Important |
| CVE-2019-1478 | Windows COM Server Elevation of Privilege Vulnerability | Important |
| CVE-2019-1480 | Windows Media Player Information Disclosure Vulnerability | Important |
| CVE-2019-1481 | Windows Media Player Information Disclosure Vulnerability | Important |
| CVE-2019-1483 | Windows Elevation of Privilege Vulnerability | Important |
| CVE-2019-1484 | Windows OLE Remote Code Execution Vulnerability | Important |
| CVE-2019-1485 | VBScript Remote Code Execution Vulnerability | Important |
| CVE-2019-1486 | Visual Studio Live Share Spoofing Vulnerability | Important |
| CVE-2019-1487 | Microsoft Authentication Library for Android Information Disclosure Vulnerability | Important |
| CVE-2019-1488 | Microsoft Defender Security Feature Bypass Vulnerability | Important |
| CVE-2019-1489 | Remote Desktop Protocol Information Disclosure Vulnerability | |
| CVE-2019-1490 | Skype for Business and Lync Spoofing Vulnerability | Important |
| CVE-2019-1351 | Git for Visual Studio Tampering Vulnerability | Moderate |
What are the best practices for Patch Tuesday
There are a few things that you can do in order to make sure that your computer installs the latest Patch Tuesday updates without any issues. We all know that Windows updates often trigger errors. In extreme cases, they may even render your PC completely unusable. Follow these tips to make sure the update install process goes as smoothly as possible.
How to download the latest PT updates
We have a special category where we keep track of all the monthly releases for the products that you are interested in.
Exploit Wednesday & Uninstall Thursday
Right after Patch Tuesday, hackers try to exploit the vulnerabilities left unpatched by Microsoft. This leads to an increase in the number of cyber attacks. On the other hand, many users often decide to uninstall the Patch Tuesday updates a few hours after install due to the large number of issues they triggered — hence the name Uninstall Thursday. Check out this guide to learn more on how to stay safe after Patch Tuesday and make sure the updates don’t brick your computer.
Patch Tuesday: All your Questions Answered
- When is Patch Tuesday released? Microsoft rolls out new Patch Tuesday updates on the second Tuesday of each month. The next Patch Tuesday Update is expected to arrive on December 10, 2019.
- How does Patch Tuesday work? We already answered this question in this quick guide. Do check it out to learn more on the mechanisms behind Patch Tuesday.
- What is the bandwidth impact of Patch Tuesday? When actively downloading updates, you may experience slow connection issues on your Windows 10 computer. This happens especially when updating multiple PCs at the same time. The solution is to distribute the updates locally via WSUS. This means downloading the updates from Microsoft Servers. Then, your Windows 10 computers can share the updates in a peer-to-peer manner over the local network resulting in a faster update process.
Patch Tuesday Troubleshooting
Oftentimes, Patch Tuesday updates trigger various errors on Windows computers. These may range from minor glitches to technical issues that may render your computer unusable. We covered extensively Patch Tuesday issues we compiled hundreds of troubleshooting guides to help you solve these problems quickly.