
Microsoft Releases June 2019 Security Updates to Patch 88 Vulnerabilities


ThumperTM


After Adobe, the technology giant Microsoft today—on June 2019 Patch Tuesday—also released its monthly batch of software security updates for various supported versions of Windows operating systems and other Microsoft products.

This month's security updates include patches for a total of 88 vulnerabilities, of which 21 are rated Critical, 66 are Important, and one is rated Moderate in severity.

The June 2019 updates include patches for Windows OS, Internet Explorer, Microsoft Edge browser, Microsoft Office and Services, ChakraCore, Skype for Business, Microsoft Lync, Microsoft Exchange Server, and Azure.

Four of the security vulnerabilities patched by the tech giant this month, all rated Important and all of which could allow attackers to escalate privileges, were disclosed publicly; none of them were found exploited in the wild.

Unpatched Issue Reported by Google Researcher

However, Microsoft failed to patch a minor flaw in SymCrypt, a core cryptographic function library currently used by Windows, which on successful exploitation could allow malicious programs to interrupt (denial of service) the encryption service for other programs.

This vulnerability was reported to Microsoft by Tavis Ormandy, a Google Project Zero security researcher, almost 90 days ago. Ormandy today publicly released details and a proof-of-concept of the flaw after finding that Microsoft doesn't have any plan to patch the issue with this month's updates.

"I've been able to construct an X.509 certificate that triggers the bug. I've found that embedding the certificate in an S/MIME message, authenticode signature, schannel connection, and so on will effectively DoS any windows server (e.g. ipsec, iis, exchange, etc) and (depending on the context) may require the machine to be rebooted," Ormandy said.

"Obviously, lots of software that processes untrusted content (like antivirus) call these routines on untrusted data, and this will cause them to deadlock."

RCE Through NTLM Vulnerabilities (All Windows Versions Affected)

Discovered by researchers at Preempt, two Important-severity vulnerabilities (CVE-2019-1040 and CVE-2019-1019) in Microsoft's NTLM authentication protocol could allow remote attackers to bypass NTLM protection mechanisms and re-enable NTLM Relay attacks.

These vulnerabilities originate from three logical flaws that let attackers bypass various mitigations that Microsoft added to prevent NTLM Relay attacks, including Message Integrity Code (MIC), SMB Session Signing and Enhanced Protection for Authentication (EPA).


On successful exploitation, a man-in-the-middle attacker can "execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication (WIA) such as Exchange or ADFS."

The latest Microsoft Windows updates address the vulnerability by hardening NTLM MIC protection on the server-side.

Other Important Microsoft Vulnerabilities

Below we have compiled a list of other critical and important Microsoft vulnerabilities of which you should be aware:

1) Windows Hyper-V RCE and DoS Vulnerabilities (CVE-2019-0620, CVE-2019-0709, CVE-2019-0722) — Microsoft patches three critical remote code execution vulnerabilities in Windows Hyper-V, native virtualization software that lets administrators run multiple operating systems as virtual machines on Windows.

According to advisories, these flaws originate because the host machine fails to properly validate inputs from an authenticated user on a guest operating system.

Hyper-V RCE flaws thus allow an attacker to execute arbitrary malicious code on the host operating system just by executing a specially crafted application on a guest operating system.

Besides RCE flaws in Hyper-V, Microsoft has also released patches for three denial-of-service (DoS) vulnerabilities in Hyper-V software that could allow an attacker with a privileged account on a guest operating system to crash the host operating system.

Users and system administrators are highly recommended to apply the latest security patches as soon as possible to keep cybercriminals and hackers from taking control of their computers.

To install the latest security updates, you can head to Settings → Update & Security → Windows Update → Check for updates on your computer, or you can install the updates manually.

Source: TheHackerNews
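
What the Message Integrity Code (MIC) named in the NTLM section above protects, as an added example that is not part of the original article or Microsoft's code: per the MS-NLMP specification, the MIC is an HMAC-MD5, keyed with the session key, over the three handshake messages with the MIC field zeroed, so a change to any of them in transit fails verification on the server. The message bytes, flag values, key and helper names are constructed for illustration, and the 72-byte MIC offset assumes an AUTHENTICATE message that carries the Version field.

```python
import hashlib
import hmac
import struct

SIGNATURE = b"NTLMSSP\x00"
MIC_OFFSET = 72   # AUTHENTICATE_MESSAGE: 64-byte fixed header + 8-byte Version
MIC_LEN = 16


def build_message(msg_type: int, flags: int, body: bytes = b"") -> bytes:
    """Constructed stand-in for NEGOTIATE/CHALLENGE: signature, type, flags, body."""
    return SIGNATURE + struct.pack("<II", msg_type, flags) + body


def build_authenticate(flags: int, payload: bytes) -> bytes:
    """Constructed AUTHENTICATE_MESSAGE with an all-zero MIC field at offset 72."""
    header = SIGNATURE + struct.pack("<I", 3)
    header += bytes(48)                  # six 8-byte field descriptors, left empty
    header += struct.pack("<I", flags)   # NegotiateFlags
    header += bytes(8)                   # Version
    return header + bytes(MIC_LEN) + payload


def compute_mic(key: bytes, negotiate: bytes, challenge: bytes, auth: bytes) -> bytes:
    """HMAC-MD5 over NEGOTIATE || CHALLENGE || AUTHENTICATE (MIC field zeroed)."""
    zeroed = auth[:MIC_OFFSET] + bytes(MIC_LEN) + auth[MIC_OFFSET + MIC_LEN:]
    return hmac.new(key, negotiate + challenge + zeroed, hashlib.md5).digest()


def seal(key: bytes, negotiate: bytes, challenge: bytes, auth: bytes) -> bytes:
    """Client side: write the computed MIC into the AUTHENTICATE message."""
    mic = compute_mic(key, negotiate, challenge, auth)
    return auth[:MIC_OFFSET] + mic + auth[MIC_OFFSET + MIC_LEN:]


def verify_mic(key: bytes, negotiate: bytes, challenge: bytes, auth: bytes) -> bool:
    """Server side: recompute the MIC and compare in constant time."""
    received = auth[MIC_OFFSET:MIC_OFFSET + MIC_LEN]
    return hmac.compare_digest(received, compute_mic(key, negotiate, challenge, auth))


# Constructed sample handshake (values are illustrative, not captured traffic).
KEY = bytes(range(16))
NEGOTIATE = build_message(1, 0x00088207)
CHALLENGE = build_message(2, 0x00088205, body=bytes.fromhex("0123456789abcdef"))
AUTH = seal(KEY, NEGOTIATE, CHALLENGE, build_authenticate(0x00088205, b"response"))
# Same NEGOTIATE message with one flag bit changed in transit.
TAMPERED_NEGOTIATE = build_message(1, 0x00088207 ^ 0x10)

if __name__ == "__main__":
    print("intact handshake:", verify_mic(KEY, NEGOTIATE, CHALLENGE, AUTH))
    print("altered NEGOTIATE:", verify_mic(KEY, TAMPERED_NEGOTIATE, CHALLENGE, AUTH))
```
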
 