December Patch Tuesday blunts WizardOpium attack chain

From nakedsecurity.sophos.com

December 2019’s Patch Tuesday updates are out, and for the most part, it’s the usual undemanding Christmas load for admins to browse through.

All told, there are 36 CVE-level vulnerabilities, seven of which are marked ‘critical’, 27 important, and one each for low and moderate.

Predictably, the critical flaws are all remote code execution (RCE) flaws, five relating to Git for Visual Studio, one in Hyper-V, and one in the Win32k Graphics subsystem.

Read more…