Administrators got an early holiday present with a fairly light patching workload on December Patch Tuesday, but they will have one Windows zero-day to wrap up as soon as possible.
Microsoft corrected 36 vulnerabilities on December Patch Tuesday in Microsoft Windows, Internet Explorer, Microsoft Office and Microsoft Office Services and Web Apps, SQL Server, Visual Studio and Skype for Business.
The Win32k elevation of privilege vulnerability (CVE-2019-1458) is rated as important and is being actively exploited in the wild. This Windows zero-day, discovered by Kaspersky Lab researchers, affects most supported versions of Microsoft’s operating system on both the client and server side. The attacker needs authentication to access the system to run malicious code in kernel mode to take…