Microsoft December 2019 Patch Tuesday

Published on 11 Dec 2019

Updated on 28 Dec 2020


Microsoft has released security patches to address 36 vulnerabilities affecting its Operating System (OS) and other related products. The following vulnerabilities were rated critical and require immediate attention: 

Zero-day vulnerability

  • CVE-2019-1458 - This is an elevation of privilege vulnerability which exists in Windows when the Win32k component fails to properly handle objects in memory.

Critical vulnerabilities

  • CVE-2019-1468 - This remote code execution vulnerability exists when the Windows font library improperly handles specially crafted embedded fonts. 

  • CVE-2019-1349, CVE-2019-1350,  CVE-2019-1352, CVE-2019-1354, CVE-2019-1387-  These remote code execution vulnerabilities exist when Git for Visual Studio improperly sanitizes input.  

  • CVE-2019-1471 - This remote code execution vulnerability exists when Windows Hyper-V on a host server fails to properly validate input from an authenticated user on a guest operating system. 

  • ADV990001 - This is a list of the latest servicing stack updates for each operating system. This list will be updated whenever a new servicing stack update is released. It is important to install the latest servicing stack update: 

For the full list of security patches released by Microsoft, please visit


Affected Products

Microsoft’s release contains updates for the following: 

  • Microsoft Windows

  • Internet Explorer

  • Microsoft Office

  • Microsoft Office Services and Web Apps

  • SQL Server

  • Visual Studio

  • Skype for Business



Successful exploitation of these critical vulnerabilities can allow attackers to perform remote code execution and take control of the affected systems to perform malicious activities, including unauthorised installation of programs, creating rogue administrator accounts and the ability to view, change, or delete data. 



Users and system administrators of affected products are strongly encouraged to install the security updates immediately.