The Microsoft December security updates have been released and consist of 58 CVEs and one Advisory, ADV200013, which provides guidance on a spoofing vulnerability in the DNS Resolver. Of these 58 CVEs, 9 are rated Critical, 46 Important, and 3 are rated low in severity.
The updates apply to the following: Microsoft Windows, Microsoft Edge (EdgeHTML-based), Microsoft Edge for Android, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK, and Azure Sphere.
If you are using Windows Update, the latest Servicing Stack Update (SSU) (KB4593175) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog. For information about Servicing Stack updates see Servicing Stack Updates (SSU).
See Dustin Childs review and analysis in Zero Day Initiative — The December Security Update Review.
December Security Updates Guide
The updates apply to the following: Microsoft Windows, Microsoft Edge (EdgeHTML-based), Microsoft Edge for Android, ChakraCore, Microsoft Office and Microsoft Office Services and Web Apps, Microsoft Exchange Server, Azure DevOps, Microsoft Dynamics, Visual Studio, Azure SDK, and Azure Sphere.
If you are using Windows Update, the latest Servicing Stack Update (SSU) (KB4593175) will be offered to you automatically. To get the standalone package for the latest SSU, search for it in the Microsoft Update Catalog. For information about Servicing Stack updates see Servicing Stack Updates (SSU).
See Dustin Childs review and analysis in Zero Day Initiative — The December Security Update Review.
December Security Updates Guide
Last edited: