June 2019 Patch Tuesday: Mircosoft Fixes 88 Vulnerabilities

Microsoft has issued patches for 88 vulnerabilities this patch Tuesday. Of the vulnerabilities, 20 were rated critical. One servicing stack and 4 advisories were also released in the update. Microsoft stated that there was no evidence to suggest that threat actors had been actively exploiting the vulnerabilities in the wild.

SandboxEscaper, a security researcher, identified four of the vulnerabilities and made the public aware of their existence. Microsoft quickly issued patches to address these vulnerabilities. SandboxEscaper has identified several zero-day flaws in Windows and has developed PoC exploits. The researcher usually publically discloses the flaws without giving Microsoft prior notice. This is sometimes a dangerous business; previously, some of the exploits developed by SandboxEscaper have been used in real-world attacks.

Microsoft has patched the latest 4 privilege escalation exploits before they can be exploited. These are CVE-2019-1069, CVE-2019-0973, CVE-2019-1064, and CVE-2019-1053. An ‘important’ rating was given to all four flaws, with three being rated “exploitation more likely.”

The critical vulnerabilities are present in Windows, Microsoft Scripting engines, and Microsoft Browsers. Microsoft said that threat actors could exploit the flaws to gain remote code execution abilities and steal information. Therefore, individuals should implement the patches swiftly.

Critical Vulnerabilities

  • Microsoft Browsers – Microsoft Browser Memory Corruption Vulnerability – CVE-2019-1038
  • Microsoft Graphics Component – Microsoft Speech API Remote Code Execution Vulnerability – CVE-2019-0985
  • Microsoft Scripting Engine – Chakra Scripting Engine Memory Corruption Vulnerabilities – CVE-2019-1002, CVE-2019-0991, CVE-2019-0992, CVE-2019-1024, CVE-2019-0989, CVE-2019-1052, CVE-2019-01051, CVE-2019-1003
  • Microsoft Scripting Engine – Scripting Engine Memory Corruption Vulnerabilities – CVE-2019-0988, CVE-2019-1055, CVE-2019-0920
  • Microsoft Scripting Engine – Scripting Engine Information Disclosure Vulnerabilities – CVE-2019-1023, CVE-2019-0990
  • Microsoft Windows – Windows Hyper-V Remote Code Execution Vulnerabilities – CVE-2019-0722, CVE-2019-0620
  • The advisories concern vulnerabilities in third party software – Adobe Flash Player (ADV190015); Microsoft Devices (ADV190016; ADV190016); and Microsoft Exchange Server (ADV190018).

Adobe has issued 11 patches for vulnerabilities in Adobe ColdFusion, Flash Player, and Adobe Campaign. Three patches have been released for ColdFusion (CVE-2019-7838, CVE-2019-7839, CVE-2019-7840); one for Adobe Flash (CVE-2019-7845) and 7 for Campaign, including the critical vulnerability CVE-2019-7843.

Tags

Murphy Miller

Murphy Miller

Murphy Miller is the Editor of Healthcare IT Journal, a leading newspaper in the healthcare information technology. Murphy's work covers a variety of topics including healthcare information technology advancements, health policy and compliance, patient privacy and confidentialy, and the financial aspects of healthcare. As the editor of the Healthcare IT Journal, Murphy Miller provides straightforward, informative content to guide professionals and policymakers in the healthcare and IT fields.

Get the free newsletter

Discover everything you need to become HIPAA compliant
Please enable JavaScript in your browser to complete this form.
Name

Read Next

Scroll to Top

Get the free newsletter

Discover everything you need to become HIPAA compliant
Please enable JavaScript in your browser to complete this form.
Name