"Zero-Day" Bug Fixed in December Rollup

Microsoft released the December 2018 Patch Tuesday bulletin, which means it is time to update your computers so that you are protected from the latest threats to Windows and Microsoft products. This month the vendor has patched 39 vulnerabilities, 9 of which are rated Critical. This Patch Tuesday includes a fix for the actively exploited Zero-Day vulnerability.

Microsoft has patched a Zero-Day vulnerability actively being used against older versions of the Windows operating system, as part of its December Patch Tuesday updates. The vulnerability (CVE-2018-8611) allows attackers to exploit a bug in the Windows Kernel to execute programs at a higher privilege level.

According to Microsoft. "An attacker who successfully exploited this vulnerability could run arbitrary code in kernel mode. An attacker could then install programs; view, change or delete data; or create new accounts with full user rights".

In addition to the zero-day bug, Microsoft patched nine critical vulnerabilities and 30 flaws rated important, impacting a range of Microsoft products from Internet Explorer, Edge, ChackraCore, Microsoft Windows, Office and Microsoft Office Services and Web Apps, and the .NET Framework.

We've created a report which checks if the assets in your network are on the latest Microsoft roll-up update. It's color-coded to give you an easy and quick overview which assets are already on the latest Windows update, and which need to be patched. You can find the Microsoft December 2018 report on our forum .

As always, take a moment to test for stability before rolling out just to avoid compatibility issues. If you haven't already, start a free trial of Lansweeper to run the Microsoft Monthly patch report. Make sure to subscribe via the form below if you want to receive the latest Microsoft Patch reports and bonus network reports.