December 2018 Patch Tuesday – 39 Vulns, Workstation Patches, Adobe Vulns

Microsoft and Adobe Logos

Microsoft and Adobe Logos

On the basis of volume and severity this Patch Tuesday is light in weight.

Workstation Patches

Browser and Scripting Engine patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users. Out of the 9 vulnerabilities, 6 can be exploited through browsers.

Active Attacks on Win32k Privilege Escalation

Microsoft has reported that there are active attacks detected against CVE-2018-8611. Microsoft has ranked this patch as Important. So, this should be prioritized.

Adobe Patches and Mitigations

Adobe released nine patches for Acrobat/Reader, with 6 rated as criticals and 3 as important.

*** This is a Security Bloggers Network syndicated blog from The Laws of Vulnerabilities – Qualys Blog authored by Animesh Jain. Read the original post at: https://blog.qualys.com/laws-of-vulnerabilities/2018/12/11/december-2018-patch-tuesday-39-vulns-workstation-patches-adobe-vulns