On June 11, Microsoft released its monthly patch updates. However, this month is deemed to be one of the worst months for the Windows 10 Operating system, the Office Suite, and all other related software packages. To highlight all of this:
However, according to resources, one of the most serious security vulnerabilities more likely resides within Word. It is a memory corruption failure that is sent via a Phishing email. If the individual clicks on the link or opens up the attachment, it could direct the victim to a malicious website. This impacts all versions of Word, including those that are deployed on the Windows Operating System, the Mac OSX, and Office 365. Further details of this can be seen at CVE-2019-1034 and CVE-2019-1035.
Concerning the Adobe Flash vulnerabilities, it is important to note that Google Chrome auto updates any software patches. So, there is nothing really for you to do here, providing you use this browser. By 2020, Google will require users to enable the Flash functionality each and every time they want to use it, just as a safety precaution.
Adobe will stop supporting its Flash product by 2020. The matrix in the next section provides an overview of what you need to pay attention to the most in terms of the June 2019 Patch Update.
The Patches You Need to Pay Attention To
Microsoft Rating Reference Number Description
Critical |
CVE-2019-0988, CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003 and CVE-2019-1024 |
These are all memory corruption vulnerabilities found in the Chakra scripting engine. A Cyber attacker could exploit any of these bugs by tricking an end user, who is using the Edge Web Browser, into visiting a spoofed website. If this is successful, the Cyber attacker can gain control of the entire computer or wireless device belonging to the end user. |
Critical |
|
This is a remote code execution vulnerability found in the Windows Hyper-V. A Cyber attacker could easily exploit this bug by running a specialized script, causing the Hyper-V host operating system to launch arbitrary code. |
Critical |
|
This is a remote code execution vulnerability existing within the ActiveX Data Objects memory. A Cyber attacker could easily exploit this flaw by tricking the user into visiting a spoofed website. If successful, the Cyber attacker could then launch malicious code. |
Important |
|
This is a remote code execution vulnerability that exists within the ActiveX Data Objects, which is the same as above. |
Conclusions and Sources
Remember that Microsoft likes to install its updates and patches in one fell swoop. So, it could take some time for your computer to download and install them. It is expected that the next group of patches will be released on July 9th. More specific information about the Microsoft Patches can be found at this link:
https://portal.msrc.microsoft.com/en-us/security-guidance
Sources