Your one-stop web resource providing safety and security information to manufacturers

Microsoft released its June Patch Tuesday offering this week fixing 88 vulnerabilities, of which there were five Zero Days and 30 with a critical rating.

The software giant addressed four of the five Zero Days security researcher, SandboxEscaper, published online over the last month.

RELATED STORIES
Microsoft Patches Zero Day
Malware Beware: Update Windows ASAP
Manufacturing Report: Financial Attacks on Rise
Siemens, TÜV SÜD Partner on Safety-Security

A fix for the fifth Zero Day will come in a bit as Microsoft is still working on it.

Of all the 88 vulnerabilities patched this month, none appeared to undergo attacks to date, officials said.

Cyber Security

The June security release consists of security updates for the following software:
• Azure
• Adobe Flash Player
• Microsoft Windows
• Internet Explorer
• Microsoft Edge
• Microsoft Office and Microsoft Office Services and Web Apps
• ChakraCore
• Skype for Business and Microsoft Lync
• Microsoft Exchange Server

Among the bevy of patches, Microsoft cleared four remote code execution (RCE) holes – CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503 – that affect the Broadcom wireless chipset in Microsoft HoloLens devices.

In addition, there is a critical remote code execution vulnerability exists in the way Microsoft browsers access objects in memory. The vulnerability – CVE-2019-1038 – could corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user. An attacker can exploit this issue to gain the same user rights as the current user.

Microsoft also said as a result of applying the patches, some Bluetooth-based security keys may stop working on Windows.

The Feitian and Google Titan security keys, which contain a misconfiguration in the Bluetooth pairing protocols that allows an attacker to interact with the key.

“Due to a misconfiguration in the Bluetooth pairing protocols, it is possible for an attacker who is physically close to a user at the moment he/she uses the security key to communicate with the security key, or communicate with the device to which the key is paired, Microsoft said in the advisory. “To address this issue, Microsoft has blocked the pairing of these Bluetooth Low Energy (BLE) keys with the pairing misconfiguration.”

Click here for more Patch Tuesday information.

Pin It on Pinterest

Share This