December 2019 - Microsoft Releases Security Patches

Microsoft addresses several vulnerabilities in its December security bulletin. Trend Micro Deep Security covers the following:

• CVE-2019-0617 - Jet Database Engine Remote Code Execution Vulnerability
  Risk Rating: Important
  
  This remote code execution vulnerability exists in the Windows Jet Database engine in respect to handling objects in memory. Attackers looking to exploit this vulnerability must find a way to convince a user to open a specially crafted file.



• CVE-2019-1485 - VBScript Remote Code Execution Vulnerability
  Risk Rating: Important
  
  This remote code execution vulnerability exists in the improper handling of objects in memory by VBScript engine. Attackers looking to exploit this vulnerability must find a way to convince a user to access a malicious website where the exploit is hosted.



• CVE-2019-0853 - GDI Remote Code Execution Vulnerability
  Risk Rating: Critical
  
  This remote code execution vulnerability exists in the improper handling of objects by the Windows Graphics Device Interface (GDI). Attackers looking to exploit this vulnerability must find a way for a user to open a website that contains the exploit, or to open a specially crafted file via file-sharing.



• CVE-2019-1458 - Win32k Elevation of Privilege Vulnerability
  Risk Rating: Important
  
  This elevation of privilege vulnerability exists in the improper handling of objects by the the Win32k component in Windows. Attackers looking to exploit this vulnerability must find a way for a user to open a specially crafted application.



• CVE-2019-1439 - Windows GDI Information Disclosure Vulnerability
  Risk Rating: Important
  
  This information disclosure vulnerability exists in the improper handling of objects in memory by the Windows GDI component. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document.



• CVE-2019-1117 - DirectWrite Remote Code Execution Vulnerability
  Risk Rating: Important
  
  This remote code execution vulnerability exists in the improper handling of objects in memory by the DirectWrite. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document.



• CVE-2019-1118 - DirectWrite Remote Code Execution Vulnerability
  Risk Rating: Important
  
  This remote code execution vulnerability exists in the improper handling of objects in memory by the DirectWrite. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document.



• CVE-2019-1119 - DirectWrite Remote Code Execution Vulnerability
  Risk Rating: Important
  
  This remote code execution vulnerability exists in the improper handling of objects in memory by the DirectWrite. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted document.



• CVE-2019-0959 - Windows Common Log File System Driver Elevation of Privilege Vulnerability
  Risk Rating: Important
  
  This elevation of privilege vulnerability exists in the improper handling of objects in memory by the Windows Common Log File System. Attackers looking to exploit this vulnerability must find a way for a user to execute a specially crafted application.