Microsoft Releases June 2019 Security Updates to Patch 88 Vulnerabilities


by FeedsWorld

After Adobe, the technology giant Microsoft today—on June 2019 Patch Tuesday—also released its monthly batch of software security updates for various supported versions of Windows operating systems and other Microsoft products.

This month's security updates include patches for a total of 88 vulnerabilities: 21 are rated Critical, 66 are Important, and one is rated Moderate in severity.

The June 2019 updates include patches for Windows OS, Internet Explorer, Microsoft Edge browser, Microsoft Office and Services, ChakraCore, Skype for Business, Microsoft Lync, Microsoft Exchange Server, and Azure.

Four of the security vulnerabilities patched by the tech giant this month, all rated Important and all of which could allow attackers to escalate privileges, have been disclosed publicly; none have been found exploited in the wild.

Unpatched Issue Reported by Google Researcher

However, Microsoft failed to patch a minor flaw in SymCrypt, a core cryptographic function library currently used by Windows, which on successful exploitation could allow malicious programs to interrupt (denial of service) the encryption service for other programs.

This vulnerability was reported to Microsoft by Tavis Ormandy, a Google Project Zero security researcher, almost 90 days ago. Ormandy today publicly released details and a proof-of-concept of the flaw after finding that Microsoft doesn't have any plan to patch the issue with this month's updates.

"I have been able to construct an X.509 certificate that triggers the bug. I've found that embedding the certificate in an S/MIME message, authenticode signature, schannel connection, and so forth will effectively DoS any windows server (e.g. ipsec, iis, exchange, and so on) and (depending on the context) might require the machine to be rebooted," Ormandy said.

"Clearly, a lot of software that processes untrusted content (like antivirus) calls these routines on untrusted data, and it will cause them to deadlock."

RCE Via NTLM Vulnerabilities (All Windows Versions Affected)

Discovered by researchers at Preempt, two important severity vulnerabilities (CVE-2019-1040 and CVE-2019-1019) affect Microsoft's NTLM authentication protocol and could allow remote attackers to bypass NTLM security mechanisms and re-enable NTLM Relay attacks.

These issues stem from three logical flaws that let attackers bypass various mitigations that Microsoft added to prevent NTLM Relay attacks, including Message Integrity Code (MIC), SMB Session Signing and Enhanced Protection for Authentication (EPA).

On successful exploitation, a man-in-the-middle attacker can "execute malicious code on any Windows machine or authenticate to any web server that supports Windows Integrated Authentication (WIA) such as Exchange or ADFS."

The latest Microsoft Windows updates address the vulnerability by hardening NTLM MIC protection on the server side.

Other Important Microsoft Vulnerabilities

Below we have compiled a list of other critical and important Microsoft vulnerabilities of which you should be aware:

1) Windows Hyper-V RCE and DoS Vulnerabilities (CVE-2019-0620, CVE-2019-0709, CVE-2019-0722) — Microsoft patches three critical remote code execution vulnerabilities in Windows Hyper-V, native virtualization software that lets administrators run multiple operating systems as virtual machines on Windows.

According to advisories, these flaws originate because the host machine fails to properly validate inputs from an authenticated user on a guest operating system.

Hyper-V RCE flaws thus allow an attacker to execute arbitrary malicious code on the host operating system just by executing a specially crafted application on a guest operating system.

Besides RCE flaws in Hyper-V, Microsoft has also released patches for three denial-of-service (DoS) vulnerabilities in Hyper-V software that could allow an attacker with a privileged account on a guest operating system to crash the host operating system.

Users and system administrators are highly recommended to apply the latest security patches as soon as possible to keep cybercriminals and hackers away from taking control of their computers.

To install the latest security updates, you can head to Settings → Update & Security → Windows Update → Check for updates on your computer, or you can install the updates manually.