An attacker could exploit CVE-2019-1491 to obtain sensitive information that could be used to mount further attacks, Microsoft says. The bug was discovered by researcher Saif ElSherei of Microsoft Research Center s Vulnerabilities and Mitigations Team. The patch addresses the important-severity vulnerability by changing how affected APIs process requests. December’s Patch Tuesday was relatively light, and it delivered just 37 CVEs (including the new one) across a range of products. The scheduled security update this month in all now includes patches for Microsoft Windows, Internet Explorer, Microsoft Office and related apps.
Source: https://threatpost.com/microsoft-issues-out-of-band-update-sharepoint-bug/151260/