On June 11, Microsoft released its monthly patch updates. However, this month is deemed to be one of the worst months for the Windows 10 Operating System, the Office Suite, and all other related software packages. The highlights:

  • There are four very dangerous flaws that take advantage of exploitable source code;
  • There is a nasty virus affecting all current versions of Microsoft Office (primarily Word, PowerPoint, and Excel), which is triggered when the end user clicks on a malicious link or an attachment delivered via a Phishing attack;
  • There are other associated vulnerabilities that have been discovered in the Adobe Flash Player;
  • There are also privilege escalation flaws found strictly in Windows 10, and these are further detailed in CVE-2019-1064 and CVE-2019-1069;
  • There are also privilege escalation flaws that affect all versions of the Windows Operating System, and these are further detailed in CVE-2019-1053 and CVE-2019-0973.

However, according to sources, one of the most serious security vulnerabilities most likely resides within Word. It is a memory corruption failure that is delivered via a Phishing email. If the individual clicks on the link or opens up the attachment, it could direct the victim to a malicious website. This impacts all versions of Word, including those that are deployed on the Windows Operating System, Mac OS X, and Office 365. Further details can be seen at CVE-2019-1034 and CVE-2019-1035.

Concerning the Adobe Flash vulnerabilities, it is important to note that Google Chrome automatically installs any software patches. So, there is nothing really for you to do here, provided you use this browser. By 2020, Google will require users to enable the Flash functionality each and every time they want to use it, just as a safety precaution.

Adobe will stop supporting its Flash product by 2020.  The matrix in the next section provides an overview of what you need to pay attention to the most in terms of the June 2019 Patch Update.

 

The Patches You Need to Pay Attention To                                                                                                                                                                 

| Microsoft Rating | Reference Number | Description |
|---|---|---|
| Critical | CVE-2019-0988, CVE-2019-0989, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003 and CVE-2019-1024 | These are all memory corruption vulnerabilities found in the Chakra scripting engine. A Cyber attacker could exploit any of these bugs by tricking an end user, who is using the Edge Web Browser, into visiting a spoofed website. If this is successful, the Cyber attacker can gain control of the entire computer or wireless device belonging to the end user. |
| Critical | CVE-2019-0620 | This is a remote code execution vulnerability found in the Windows Hyper-V. A Cyber attacker could easily exploit this bug by running a specialized script, causing the Hyper-V host operating system to launch arbitrary code. |
| Critical | CVE-2019-0888 | This is a remote code execution vulnerability existing within the ActiveX Data Objects memory. A Cyber attacker could easily exploit this flaw by tricking the user into visiting a spoofed website. If successful, the Cyber attacker could then launch malicious code. |
| Important | CVE-2019-1065 | This is a remote code execution vulnerability that exists within the ActiveX Data Objects, which is the same as above. |

Conclusions and Sources

Remember that Microsoft likes to install its updates and patches in one fell swoop.  So, it could take some time for your computer to download and install them.  It is expected that the next group of patches will be released on July 9th.  More specific information about the Microsoft Patches can be found at this link:

https://portal.msrc.microsoft.com/en-us/security-guidance

 

Sources

  1. https://blog.talosintelligence.com/2019/06/microsoft-patch-tuesday-june-2019.html
  2. https://krebsonsecurity.com/2019/06/microsoft-patch-tuesday-june-2019-edition/