Today, Microsoft has released its monthly set of security advisories for vulnerabilities that have been identified and addressed in various products. This month’s advisory release addresses 88 new vulnerabilities, with 21 of them rated critical, 66 are rated Important and 1 is listed as Moderate in severity. These vulnerabilities impact Servicing Stack Updates, Windows Kernel, Adobe Flash Player, Microsoft Devices, Kerberos, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Scripting Engine, Skype for Business and Microsoft Lync, Microsoft Edge, Internet Explorer, Microsoft Exchange Server, Microsoft Office, Microsoft Office SharePoint, etc.


Publicly disclosed

1) CVE-2019-1069 – An elevation of privilege vulnerability exists in the way the Task Scheduler Service validates certain file operations. An attacker who successfully exploited the vulnerability could gain elevated privileges on a victim system. To exploit the vulnerability, an attacker would require unprivileged code execution on a victim system.

2)CVE-2019-1064An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links. An attacker who successfully exploited this vulnerability could run processes in an elevated context. An attacker could then install programs; view, change or delete data. To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system.

3)CVE-2019-1053 – An elevation of privilege vulnerability exists when the Windows Shell fails to validate folder shortcuts. An attacker who successfully exploited the vulnerability could elevate privileges by escaping a sandbox. To exploit this vulnerability, an attacker would require unprivileged execution on the victim system.

4)CVE-2019-0973An elevation of privilege vulnerability exists in the Windows Installer when the Windows Installer fails to properly sanitize input leading to an insecure library loading behavior. A locally authenticated attacker could run arbitrary code with elevated system privileges. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.


Few other critical vulnerabilities

1) Hyper-V and Office Vulnerabilities: Three remote code execution vulnerabilities, CVE-2019-0620, CVE-2019-0709, and CVE-2019-0722 were found in Hyper-V that would allow an authenticated user to run arbitrary code. Two REC vulnerabilities were found in Word, CVE-2019-1034 and CVE-2019-1035 by Allan Liska, threat intelligence analyst at Recorded Future.

None were found being exploited in the wild.


June 2019 patch Tuesday release consists of security updates for the following products:

  • Internet Explorer
  • Microsoft Edge
  • Servicing Stack Updates
  • Windows Kernel
  • Adobe Flash Player
  • Microsoft Devices
  • Microsoft JET Database Engine
  • Windows Authentication Methods
  • Windows IIS
  • Windows Installer
  • Windows Media
  • Windows NTLM
  • Windows Shell
  • Windows Kernel
  • Skype for Business and Microsoft Lync
  • Team Foundation Server
  • VBScript
  • Kerberos
  • Microsoft Graphics Component
  • Microsoft Office
  • Microsoft Windows
  • ChakraCore
  • Microsoft Windows Hyper-V
  • Microsoft Exchange Server

Microsoft security bulletin summary for June 2019:

Product : Adobe Flash Player
CVE’s/Advisory : ADV190015
Severity : Critical
Impact : Remote Code Execution
KB’s : 4503308


Product : Internet Explorer
CVE’s/Advisory : CVE-2019-0920, CVE-2019-0988, CVE-2019-1005, CVE-2019-1038, CVE-2019-1055, CVE-2019-1080, CVE-2019-1081
Severity : Critical
Impact : Remote Code Execution, Information Disclosure
KB’s : 4503259, 4503267, 4503273, 4503276, 4503279, 4503284, 4503285, 4503286, 4503287, 4503290, 4503291, 4503292, 4503293, 4503327


Product : Microsoft Edge
CVE’s/Advisory : CVE-2019-0989, CVE-2019-0990, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1023, CVE-2019-1024, CVE-2019-1038, CVE-2019-1051, CVE-2019-1052, CVE-2019-1054, CVE-2019-1081
Severity : Critical
Impact : Security Feature Bypass, Remote Code Execution, Information Disclosure
KB’s : 4503267, 4503279, 4503284, 4503286, 4503291, 4503293, 4503327


Product : ChakraCore
CVE’s/Advisory : CVE-2019-0989, CVE-2019-0990, CVE-2019-0991, CVE-2019-0993, CVE-2019-1003, CVE-2019-1023, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052
Severity : Critical
Impact : Remote Code Execution, Information Disclosure


Product : Azure DevOps Server 2019
CVE’s/Advisory : CVE-2019-0996
Severity : Important
Impact : Spoofing


Product : Microsoft Exchange Server
CVE’s/Advisory : ADV190018
Impact : Defense in Depth
KB’s : 4503028, 45030287


Product : Microsoft Office
CVE’s/Advisory : CVE-2019-1029, CVE-2019-1031, CVE-2019-1032, CVE-2019-1033, CVE-2019-1034, CVE-2019-1035, CVE-2019-1036
Severity : Important
Impact : Denial of Service, Spoofing, Remote Code Execution
KB’s : 4092442, 4461611, 4461619, 4461621, 4462178, 4464571, 4464590, 4464594, 4464596, 4464597, 4464602, 4475511, 4475512, 4506009


Product : Windows
CVE’s/Advisory : ADV190016, ADV190017, CVE-2019-0620, CVE-2019-0709, CVE-2019-0710, CVE-2019-0711, CVE-2019-0713, CVE-2019-0722, CVE-2019-0888, CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0941, CVE-2019-0943, CVE-2019-0948, CVE-2019-0959, CVE-2019-0960, CVE-2019-0968, CVE-2019-0972, CVE-2019-0973, CVE-2019-0974, CVE-2019-0977, CVE-2019-0983, CVE-2019-0984, CVE-2019-0985, CVE-2019-0986, CVE-2019-0998, CVE-2019-1007, CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1014, CVE-2019-1015, CVE-2019-1016, CVE-2019-1017, CVE-2019-1018, CVE-2019-1019, CVE-2019-1021, CVE-2019-1022, CVE-2019-1025, CVE-2019-1026, CVE-2019-1027, CVE-2019-1028, CVE-2019-1039, CVE-2019-1040, CVE-2019-1041, CVE-2019-1043, CVE-2019-1044, CVE-2019-1045, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050, CVE-2019-1053, CVE-2019-1064, CVE-2019-1065, CVE-2019-1069
Severity : Critical
Impact : Denial of Service, Elevation of Privilege, Impact, Information Disclosure, Remote Code Execution, Security Feature Bypass, Tampering
KB’s : 4503263, 4503267, 4503269, 4503273, 4503276, 4503279, 4503284, 4503285, 4503286, 4503287, 4503290, 4503291, 4503292, 4503293, 4503327


SecPod Saner detects these vulnerabilities and automatically fixes it by applying security updates. Download Saner now and keep your systems updated and secure.


Summary
Patch Tuesday: Microsoft Security Bulletin Summary for June 2019
Article Name
Patch Tuesday: Microsoft Security Bulletin Summary for June 2019
Author
Publisher Name
SecPod Technologies
Publisher Logo

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>