On the basis of volume and severity this Patch Tuesday is light in weight.
Browser and Scripting Engine patches should be prioritized for workstation-type devices, meaning any system that is used for email or to access the internet via a browser. This includes multi-user servers that are used as remote desktops for users. Out of the 9 vulnerabilities, 6 can be exploited through browsers.
Active Attacks on Win32k Privilege Escalation
Microsoft has reported that there are active attacks detected against CVE-2018-8611. Microsoft has ranked this patch as Important. So, this should be prioritized.
Adobe Patches and Mitigations
Adobe released nine patches for Acrobat/Reader, with 6 rated as criticals and 3 as important.
*** This is a Security Bloggers Network syndicated blog from The Laws of Vulnerabilities – Qualys Blog authored by Animesh Jain. Read the original post at: https://blog.qualys.com/laws-of-vulnerabilities/2018/12/11/december-2018-patch-tuesday-39-vulns-workstation-patches-adobe-vulns