Microsoft Patch Tuesday June 2019: 88 vulnerabilities to fix, but how?

authentication protocol
Every Patch Tuesday is a nightmare for IT admins, loading them with a bundle of updates, leaving them no respite for the rest of the week. This June Patch Tuesday is no exception, with a huge amount of patches released to address 88 vulnerabilities in supported Windows operating systems and related applications. Of these updates, 21 are rated critical, 66 are important, and one is rated moderate in severity.

Patch Tuesday updates for Microsoft products

Microsoft Patch Tuesday June 2019 covers vulnerabilities in:

  • Windows OS
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Office and Services
  • ChakraCore
  • Skype for Business
  • Microsoft Lync
  • Microsoft JET Database Engine
  • Microsoft Exchange Server
  • Azure
  • Team Foundation Server

Zero-day vulnerabilities patched

Now matter how prepared you are, Patch Tuesday never fails to throw in a surprise. What’s so special about this one is that four zero-day vulnerabilities published by a security researcher named SandboxEscaper—CVE-2019-0973, CVE-2019-1053, CVE-2019-1064, CVE-2019-1069—are patched in this month’s roll-up update. Though publicly disclosed, none of these vulnerabilities have been actively exploited in the wild. And all four belong to the same category of vulnerability: elevation of privilege.

Critical vulnerabilities patched

Patches were also released for three critical remote code execution (RCE) vulnerabilities discovered in Hyper-V, native virtualization software that lets users run multiple operating systems simultaneously as virtual machines. These flaws originated from host machines failing to properly validate input from an authenticated user on a guest operating system.

Other important RCE vulnerabilities

Microsoft also patched four RCE flaws in Microsoft HoloLens devices, nine in Chakra Scripting Engine (included with Edge), two in Microsoft’s NTLM authentication protocol, four in Microsoft Scripting Engine, one in Microsoft Speech API, and one impacting both Edge and Internet Explorer.

Third-party patches: Adobe updates

Adobe, another tech giant, has also released security updates to address 11 security vulnerabilities in its products. Of those, three vulnerabilities in Adobe ColdFusion, one in the infamous Flash Player, and one in Adobe Campaign Classic are rated as critical and could lead to arbitrary code execution attacks.

One way to patch all your Patch Tuesday updates at once: Automated patch deployment

Too many patches should never be the reason for poor patching. A single vulnerability has the potential to turn your business upside down. With Desktop Central at your disposal, you can automate the mountain of patches that are being released every Patch Tuesday to any number of machines in your network. Plus, you can utilize the Test and Approve feature to test-drive patches before rolling them out to production machines.

See how Desktop Central works in your environment.

** Optrics Inc. is an Authorized ManageEngine partner

The original article can be found here:

Leave a Reply