This security update resolves an information disclosure vulnerability that exists if Microsoft Excel incorrectly discloses the contents of its memory. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2019-1464.
Note: To apply this security update, you must have the release version of Office 2016 installed on the computer.
This update is available from Microsoft Update. When you turn on automatic updating, this update will be downloaded and installed automatically. For more information about how to get security updates automatically, see Windows Update: FAQ.
Microsoft Security Update Summary (December 10, 2019)
This security update resolves a remote code execution vulnerability that exists in Microsoft PowerPoint software if the software does not correctly handle objects in memory. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2019-1462.
Note: To apply this security update, you must have the release version of PowerPoint 2016 installed on the computer.
This security update resolves an information disclosure vulnerability that exists if Microsoft Excel incorrectly discloses the contents of its memory. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2019-1464.
Note: To apply this security update, you must have the release version of Service Pack 1 for Microsoft Office 2013 installed on the computer.
Users running Microsoft software should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Microsoft Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have automatic updating enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed.
To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.
This security update resolves an information disclosure vulnerability that exists in Microsoft Access software if the software does not correctly handle objects in memory. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2019-1400 and Microsoft Common Vulnerabilities and Exposures CVE-2019-1463.
Note: To apply this security update, you must have the release version of Service Pack 2 for Office 2010 installed on the computer.
This security update resolves a denial of service vulnerability that exists in Microsoft Word software if the software does not correctly handle objects in memory. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2019-1461.
Note: To apply this security update, you must have the release version of Word 2016 installed on the computer.
The KB Articles associated with the update: KB4530734, KB4530714, KB4530691, KB4530702, KB4530677, KB4530689, KB4530715, KB4530684, KB4530717, KB4530695, KB4530681

QID Detection Logic: Authenticated

This QID checks for the file version of ntoskrnl.exe for Windows 10 1809, Windows 10 1803 and Windows Server 2019 1809 (i.e. KB4530715), because Mshtml.dll was not updated for these builds. For the rest we check for Mshtml.dll.

The following versions with their corresponding KBs are verified:
KB4530734 - 11.0.9600.19572
KB4530714 - 11.0.16299.1565
KB4530691 - 10.0.9200.22931
KB4530702 - 11.0.9600.19572
KB4530677 - 10.0.9200.22931, 11.0.9600.19572, 9.0.8112.21392
KB4530689 - 11.0.14393.3383
KB4530715 - 10.0.17763.914
KB4530684 - 11.0.18362.535
KB4530695 - 9.0.8112.21392
KB4530681 - 11.0.10240.18427

Consequence: An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. If the current user is logged on with administrative user rights, an attacker who successfully exploited the vulnerability could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.

Solution: Please refer to the Security Update Guide for more information pertaining to these vulnerabilities.

Patches: The following are links for downloading patches to fix these vulnerabilities: Microsoft Security Update Guide Windows
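The file-version check described above, as an added example (not the scanner's own code). The KB and version table is copied from this page; the rule of matching a file to a KB by the first three version components, the function names and the sample versions in the comments are assumptions made for illustration.

```python
# Fixed file versions per KB, as listed on this page.
FIXED_VERSIONS = {
    "KB4530734": ["11.0.9600.19572"],
    "KB4530714": ["11.0.16299.1565"],
    "KB4530691": ["10.0.9200.22931"],
    "KB4530702": ["11.0.9600.19572"],
    "KB4530677": ["10.0.9200.22931", "11.0.9600.19572", "9.0.8112.21392"],
    "KB4530689": ["11.0.14393.3383"],
    "KB4530715": ["10.0.17763.914"],
    "KB4530684": ["11.0.18362.535"],
    "KB4530695": ["9.0.8112.21392"],
    "KB4530681": ["11.0.10240.18427"],
}
# Per the page, KB4530715 is verified against ntoskrnl.exe; the rest use Mshtml.dll.
NTOSKRNL_KBS = {"KB4530715"}


def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints so comparison is numeric, not textual."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError("expected four version components: %r" % text)
    return parts


def assess(file_name, file_version):
    """Return (status, kbs); status is 'vulnerable', 'patched' or 'not_applicable'."""
    name = file_name.lower()
    have = parse_version(file_version)
    matches = []
    for kb, versions in FIXED_VERSIONS.items():
        expected = "ntoskrnl.exe" if kb in NTOSKRNL_KBS else "mshtml.dll"
        if name != expected:
            continue
        for fixed in map(parse_version, versions):
            # Assumption: a file belongs to a KB's servicing branch when
            # major.minor.build are equal; only the revision is compared.
            if fixed[:3] == have[:3]:
                matches.append((kb, fixed))
    if not matches:
        return ("not_applicable", [])
    missing = sorted(kb for kb, fixed in matches if have < fixed)
    if missing:
        return ("vulnerable", missing)
    return ("patched", sorted(kb for kb, _ in matches))
```

Comparing the versions as strings would rank revision 99 above 535 and report an unpatched 11.0.18362.99 as fixed, which is why the components are parsed to integers first.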
This security update contains the following KBs: KB4484180, KB4484193, KB4484186, KB4484169, KB4475601, KB4484094, KB4461590, KB4484166, KB4461613, KB4484179, KB4484182, KB4484196, KB4484190, KB4484192, KB4484184

QID Detection Logic: This authenticated QID checks the file versions from the above Microsoft KB articles against the versions on the affected Office system.

Consequence: Successful exploitation allows an attacker to execute code remotely.

Solution: Refer to Microsoft Security Guidance for more details pertaining to this vulnerability.

Patches: The following are links for downloading patches to fix these vulnerabilities: Microsoft Office and Microsoft Office Services and Web Apps Security Update December 2019
The update addresses the vulnerability by correcting SSRS URL sanitization.

Affected Software:
Power BI Report Server versions prior to 15.0.1102.646
SQL Server Reporting Services (SSRS) 2017 versions prior to 14.0.600.1451
SQL Server Reporting Services (SSRS) 2019 versions prior to 15.0.7243.37714

QID Detection Logic: This authenticated QID detects vulnerable file versions of the above mentioned software by fetching the location from HKLM\SYSTEM\CurrentControlSet\Services\SQLServerReportingServices

Consequence: Successful exploitation of this vulnerability allows an attacker to run scripts in the context of the targeted user.

Solution: Customers are advised to refer to CVE-2019-1332 for more details pertaining to this vulnerability.

Patches: The following are links for downloading patches to fix these vulnerabilities: Power BI Report Server, SQL Server 2017 Reporting Services, SQL Server 2019 Reporting Services
This security update resolves an information disclosure vulnerability that exists if Microsoft Excel incorrectly discloses the contents of its memory. To learn more about the vulnerability, see Microsoft Common Vulnerabilities and Exposures CVE-2019-1464.
Note: To apply this security update, you must have the release version of Excel 2016 installed on the computer.
This security update resolves vulnerabilities when a Lync Server or Skype for Business Server does not properly sanitize a specially crafted request. To learn more about these vulnerabilities, see Microsoft Common Vulnerabilities and Exposures CVE-2019-1490.
Note: To apply this security update, you must have the release version of Skype for Business 2019 CU 2 installed on the computer.
Except for Internet Explorer 11 on Windows Server 2012, the fixes that are included in this Security Update for Internet Explorer (KB4530677) are also included in the December 2019 Security Monthly Quality Rollup. Installing either the Security Update for Internet Explorer or the Security Monthly Quality Rollup installs the fixes that are in this update.
Except for Internet Explorer 11 on Windows Server 2012, this Security Update for Internet Explorer is not applicable for installation on a computer on which the Security Monthly Quality Rollup or the Preview of Monthly Quality Rollup from December 2019 (or a later month) is already installed. This is because those updates contain all the fixes that are in this security update for Internet Explorer.
If you use update management processes other than Windows Update, and you automatically approve all security updates classifications for deployment, this Security Update for Internet Explorer (KB4530677), the December 2019 Security Only Quality Update, and the December 2019 Security Monthly Quality Rollup are deployed. We recommend that you review your update deployment rules to make sure that the desired updates are deployed.