Patch Tuesday December 2019: Update Highlights and Known Issues


Radu Tyrsina
by Radu Tyrsina
Founder & Editor-in-Chief
Loading Comments
Affiliate Disclosure

windows 10 patch tuesday

Patch Tuesday December 2019

Microsoft rolled out the Patch Tuesday December 2019 updates on December 10, 2019. As always, with this batch of updates, the Redmond giant focuses on improving the overall functionality of the OS and fixing existing bugs.

This month’s update are all about improving security when Windows performs basic operations. If you want to install the latest updates, you can check out this guide where you’ll also find the direct download links.

We already covered the key changes in these posts. Do check them out to learn what’s new:

What are the main updates

  • Internet Explorer

This month’s Patch Tuesday updates added many security improvements for Internet Explorer. In this manner, Microsoft makes sure the browser remains one of the safest browsing tools to use.

Download KB4530677 to install the latest IE security patches.

  • Microsoft Office

Microsoft Office is a productivity suite that includes Microsoft Word, Microsoft Excel, and Microsoft PowerPoint.  The software package is used by over one billion users worldwide. Patch Tuesday brought many improve security for all the Microsoft Office products.

More specifically, this round of updates fixed a denial of service vulnerability that existed in Microsoft Word, Excel, PowerPoint and Microsoft Access where the tools failed to properly handle objects in memory. Hackers could then use a specially crafted document to cause a remote denial of service against the system.

The December Patch security updates correct how Microsoft Word handles objects in memory so as to fix this security issue.

  • Microsoft Windows

Microsoft rolls out different Patch Tuesday updates for all the Windows 10 versions currently supported. For more information on the latest updates, check out our Windows 10 Patch Tuesday update history page.

  • Microsoft Hyper-V

Hyper-V is Windows 10‘s built-in hypervisor. You can use this tool to emulate various third-party software and operating systems on your computer. The latest Patch Tuesday updates improved Hyper-V’s functionality by fixing an information disclosure vulnerability on a host operating system that failed to properly validate input from an authenticated user. Microsoft fixed this issue by correcting how Hyper-V validates guest operating system user input.

The Graphics Device Interface (also known as GDI) is a Windows component that represents graphical objects to monitors and printers. This month’s cumulative updates fixed a Graphics Device Interface vulnerability that caused the Windows GDI component to improperly discloses the contents of its memory.

  • Visual Studio

Microsoft fixed a spoofing vulnerability in Visual Studio Live Share that allowed hackers to redirect guests to an arbitrary URL without consent from the guest.

  • Win32k 

Microsoft patched a critical elevation of privilege vulnerability that allowed hackers to compromise users’ systems.

  • Microsoft improved security when using external devices

The December 2019 Patch Tuesday updates improved security when using external devices, as well as input devices. In other words, hackers will have a really difficult time trying to use your game controllers, printers, webcams, mouse or keyboard in order to inject malware into your PC or take over your device.

  • Windows on ARM

Microsoft Store should no longer fail to launch on Windows 10 on ARM device. Patch Tuesday fixed this problem.

  • Adobe

Adobe rolled out four security improvements in December. You can read more about each update in this quick guide.

Patch Tuesday list of CVEs

If you want to learn more about this month’s list of common vulnerabilities and exposures, you can check out the table below:

CVETitleSeverity
CVE-2019-1458Win32k Elevation of Privilege VulnerabilityImportant
CVE-2019-1349Git for Visual Studio Remote Code Execution VulnerabilityCritical
CVE-2019-1350Git for Visual Studio Remote Code Execution VulnerabilityCritical
CVE-2019-1352Git for Visual Studio Remote Code Execution VulnerabilityCritical
CVE-2019-1354Git for Visual Studio Remote Code Execution VulnerabilityCritical
CVE-2019-1387Git for Visual Studio Remote Code Execution VulnerabilityCritical
CVE-2019-1468Win32k Graphics Remote Code Execution VulnerabilityCritical
CVE-2019-1471Windows Hyper-V Remote Code Execution VulnerabilityCritical
CVE-2019-1332Microsoft SQL Server Reporting Services XSS VulnerabilityImportant
CVE-2019-1400Microsoft Access Information Disclosure VulnerabilityImportant
CVE-2019-1453Windows Remote Desktop Protocol (RDP) Denial of Service VulnerabilityImportant
CVE-2019-1461Microsoft Word Denial of Service VulnerabilityImportant
CVE-2019-1462Microsoft PowerPoint Remote Code Execution VulnerabilityImportant
CVE-2019-1463Microsoft Access Information Disclosure VulnerabilityImportant
CVE-2019-1464Microsoft Excel Information Disclosure VulnerabilityImportant
CVE-2019-1465Windows GDI Information Disclosure VulnerabilityImportant
CVE-2019-1466Windows GDI Information Disclosure VulnerabilityImportant
CVE-2019-1467Windows GDI Information Disclosure VulnerabilityImportant
CVE-2019-1469Win32k Information Disclosure VulnerabilityImportant
CVE-2019-1470Windows Hyper-V Information Disclosure VulnerabilityImportant
CVE-2019-1472Windows Kernel Information Disclosure VulnerabilityImportant
CVE-2019-1474Windows Kernel Information Disclosure VulnerabilityImportant
CVE-2019-1476Windows Elevation of Privilege VulnerabilityImportant
CVE-2019-1477Windows Printer Service Elevation of Privilege VulnerabilityImportant
CVE-2019-1478Windows COM Server Elevation of Privilege VulnerabilityImportant
CVE-2019-1480Windows Media Player Information Disclosure VulnerabilityImportant
CVE-2019-1481Windows Media Player Information Disclosure VulnerabilityImportant
CVE-2019-1483Windows Elevation of Privilege VulnerabilityImportant
CVE-2019-1484Windows OLE Remote Code Execution VulnerabilityImportant
CVE-2019-1485VBScript Remote Code Execution VulnerabilityImportant
CVE-2019-1486Visual Studio Live Share Spoofing VulnerabilityImportant
CVE-2019-1487Microsoft Authentication Library for Android Information Disclosure VulnerabilityImportant
CVE-2019-1488Microsoft Defender Security Feature Bypass VulnerabilityImportant
CVE-2019-1489Remote Desktop Protocol Information Disclosure Vulnerability
CVE-2019-1490Skype for Business and Lync Spoofing VulnerabilityImportant
CVE-2019-1351Git for Visual Studio Tampering VulnerabilityModerate

What are the best practices for Patch Tuesday

There are a few things that you can do in order to make sure that your computer installs the latest Patch Tuesday updates without any issues. We all know that Windows updates often trigger errors. In extreme cases, they may even render your PC completely unusable. Follow these tips to make sure the update install process goes as smoothly as possible.

How to download the latest PT updates

We have a special category where we keep track of all the monthly releases for the products that you are interested in.

Exploit Wednesday & Uninstall Thursday

Right after Patch Tuesday, hackers try to exploit the vulnerabilities left unpatched by Microsoft. This leads to an increase in the number of cyber attacks. On the other hand, many users often decide to uninstall the Patch Tuesday updates a few hours after install due to the large number of issues they triggered — hence the name Uninstall Thursday. Check out this guide to learn more on how to stay safe after Patch Tuesday and make sure the updates don’t brick your computer.

Patch Tuesday: All your Questions Answered

  • When is Patch Tuesday released? Microsoft rolls out new Patch Tuesday updates on the second Tuesday of each month. The next Patch Tuesday Update is expected to arrive on December 10, 2019.
  • How does Patch Tuesday work? We already answered this question in this quick guide. Do check it out to learn more on the mechanisms behind Patch Tuesday.
  • What is the bandwidth impact of Patch Tuesday? When actively downloading updates, you may experience slow connection issues on your Windows 10 computer. This happens especially when updating multiple PCs at the same time. The solution is to distribute the updates locally via WSUS. This means downloading the updates from Microsoft Servers. Then, your Windows 10 computers can share the updates in a peer-to-peer manner over the local network resulting in a faster update process.

Patch Tuesday Troubleshooting

Oftentimes, Patch Tuesday updates trigger various errors on Windows computers. These may range from minor glitches to technical issues that may render your computer unusable. We covered extensively Patch Tuesday issues we compiled hundreds of troubleshooting guides to help you solve these problems quickly.