June 2019 Patch Tuesday: A little something for everybody

For June 2019 Patch Tuesday, Microsoft has fixed a whooping 88 CVE-numbered vulnerabilities, Adobe has plugged many critical security holes in ColdFusion and Flash Player, and Intel has released security updates and mitigations for multiple products.

June 2019 Patch Tuesday

Adobe’s fixes

The Flash Player updates plug one but critical code execution flaw (CVE-2019-7845).

Users of the ColdFusion web application development platform are getting patches for three critical code execution bugs and should consult the offered tech notes to apply specific security configuration settings.

Finally, users of Adobe Campaign Classic on Windows and Linux are also urged to upgrade.

Microsoft’s fixes

Microsoft has addressed 88 vulnerabilities. None are currently being exploited in the wild.

Qualys Senior Director of Product Management Jimmy Graham advises administrators to prioritize scripting engine and browser patches for workstation-type systems and urges for a quick implementation of the Hyper-V patches, which fix three remote code execution flaws.

Dustin Childs, Director of Communications for Trend Micro’s Zero Day Initiative, singled out three flaws for quick patching:

  • CVE-2019-1069 – an elevation of privilege flaw in Task Scheduler that has been publicly disclosed in May.
  • CVE-2019-0941 – a DoS flaw affecting Microsoft IIS Server
  • CVE-2019-1053 – a vulnerability in Windows Shell that could allows for a sandbox escape and which has also been previously publicly known.

Other vulnerabilities of note include:

  • Two bugs in NTLM, Microsoft’s proprietary authentication protocol, which affect all Windows versions
  • Four local privilege escalation zero-day vulnerabilities disclosed by SandboxEscaper in May 2019

Finally, Microsoft also:

Intel’s fixes

Intel has released fixes, advisories and mitigation advice for a number of its products, including SGX for Linux, Intel Accelerated Storage Manager, and NUS, its line of mini PCs.

CISA has direct links to each of the advisories.

Don't miss