Microsoft’s SecurityPatches for June that Fix 93 Security Vulnerabilities Threat Alert

Microsoft’s SecurityPatches for June that Fix 93 Security Vulnerabilities Threat Alert

June 14, 2019 | Mina Hao

Overview

Microsoft released June 2019 security patches on Tuesday that fix 93 vulnerabilities ranging from simple spoofing attacks to remote code execution in various products, including Adobe Flash Player, Kerberos, Microsoft Browsers, Microsoft Devices, Microsoft Edge, Microsoft Exchange Server, Microsoft Graphics Component, Microsoft JET Database Engine, Microsoft Office, Microsoft Office SharePoint, Microsoft Scripting Engine, Microsoft Windows, Servicing Stack Updates, Skype for Business and Microsoft Lync, Team Foundation Server, VBScript, Windows Authentication Methods, Windows Hyper-V, Windows IIS, Windows Installer, Windows Kernel, Windows Media, Windows NTLM, and Windows Shell.

Details can be found in the following table.

Product CVE ID CVE Title Severity Level
Adobe Flash Player ADV190015 June 2019 Adobe Flash Security Updates Critical
Kerberos CVE-2019-0972 Local Security Authority Subsystem Service Denial-or-Service Vulnerability Important
Microsoft Browsers CVE-2019-1038 Microsoft Browser Memory Corruption Vulnerability Critical
Microsoft Browsers CVE-2019-1081 Microsoft Browser Memory Corruption Vulnerability Important
Microsoft Devices ADV190016 Bluetooth Low Energy Advisory Important
Microsoft Devices ADV190017 Microsoft HoloLens Remote Code Execution Vulnerabilities Important
Microsoft Edge CVE-2019-1054 Microsoft Edge Security Feature Bypass Vulnerability Important
Microsoft Exchange Server ADV190018 Microsoft Exchange Server Defense in Depth Update Unknown
Microsoft Graphics Component CVE-2019-1009 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1010 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1011 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1012 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1013 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1015 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1016 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1018 DirectX Privilege Escalation Vulnerability Important
Microsoft Graphics Component CVE-2019-1046 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1047 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1048 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1049 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-1050 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-0960 Win32k Privilege Escalation Vulnerability Important
Microsoft Graphics Component CVE-2019-0968 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-0977 Windows GDI Information Disclosure Vulnerability Important
Microsoft Graphics Component CVE-2019-0985 Microsoft Speech API Remote Code Execution Vulnerability Critical
Microsoft JET Database Engine CVE-2019-0904 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0905 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0906 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0907 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0908 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0909 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft JET Database Engine CVE-2019-0974 Jet Database Engine Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-1034 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft Office CVE-2019-1035 Microsoft Word Remote Code Execution Vulnerability Important
Microsoft Office SharePoint CVE-2019-1036 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2019-1031 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2019-1032 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Office SharePoint CVE-2019-1033 Microsoft Office SharePoint XSS Vulnerability Important
Microsoft Scripting Engine CVE-2019-0988 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0989 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1055 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0920 Scripting Engine Memory Corruption Vulnerability Moderate
Microsoft Scripting Engine CVE-2019-0990 Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0991 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0992 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-0993 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1002 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1003 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1023 Scripting Engine Information Disclosure Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1024 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1051 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1052 Chakra Scripting Engine Memory Corruption Vulnerability Critical
Microsoft Scripting Engine CVE-2019-1080 Scripting Engine Information Disclosure Vulnerability Moderate
Microsoft Windows CVE-2019-0888 ActiveX Data Objects (ADO) Remote Code Execution Vulnerability Critical
Microsoft Windows CVE-2019-0943 Windows ALPC Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0948 Windows Event Viewer Information Disclosure Vulnerability Moderate
Microsoft Windows CVE-2019-0959 Windows Common Log File System Driver Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0984 Windows Common Log File System Driver Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0709 Windows Hyper-V Remote Code Execution Vulnerability Critical
Microsoft Windows CVE-2019-0710 Windows Hyper-V Remote Code Execution Vulnerability Important
Microsoft Windows CVE-2019-0711 Windows Hyper-V Remote Code Execution Vulnerability Important
Microsoft Windows CVE-2019-0713 Windows Hyper-V Remote Code Execution Vulnerability Important
Microsoft Windows CVE-2019-0722 Windows Hyper-V Remote Code Execution Vulnerability Critical
Microsoft Windows CVE-2019-0983 Windows Storage Service Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-0998 Windows Storage Service Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1025 Windows Denial-of-Service Vulnerability Important
Microsoft Windows CVE-2019-1043 Comctl32 Remote Code Execution Vulnerability Important
Microsoft Windows CVE-2019-1045 Windows Network File System Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1064 Windows Privilege Escalation Vulnerability Important
Microsoft Windows CVE-2019-1069 Task Scheduler Privilege Escalation Vulnerability Important
Servicing Stack Updates ADV990001 Latest Servicing Stack Updates Critical
Skype for Business and Microsoft Lync CVE-2019-1029 Skype for Business and Lync Server Denial-of-Service Vulnerability Important
Team Foundation Server CVE-2019-0996 Azure DevOps Server Spoofing Vulnerability Important
VBScript CVE-2019-1005 Scripting Engine Memory Corruption Vulnerability Important
Windows Authentication Methods CVE-2019-1040 Windows NTLM Tampering Vulnerability Important
Windows Hyper-V CVE-2019-0620 Windows Hyper-V Remote Code Execution Vulnerability Critical
Windows IIS CVE-2019-0941 Microsoft IIS Server Denial-of-Service Vulnerability Important
Windows Installer CVE-2019-0973 Windows Installer Privilege Escalation Vulnerability Important
Windows Kernel CVE-2019-1014 Win32k Privilege Escalation Vulnerability Important
Windows Kernel CVE-2019-1017 Win32k Privilege Escalation Vulnerability Important
Windows Kernel CVE-2019-1039 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-1041 Windows Kernel Information Disclosure Vulnerability Important
Windows Kernel CVE-2019-1044 Windows Secure Kernel Mode Security Feature Bypass Vulnerability Important
Windows Kernel CVE-2019-1065 Windows Kernel Information Disclosure Vulnerability Important
Windows Media CVE-2019-1007 Windows Audio Service Privilege Escalation Vulnerability Important
Windows Media CVE-2019-1021 Windows Audio Service Privilege Escalation Vulnerability Important
Windows Media CVE-2019-1022 Windows Audio Service Privilege Escalation Vulnerability Important
Windows Media CVE-2019-1026 Windows Audio Service Privilege Escalation Vulnerability Important
Windows Media CVE-2019-1027 Windows Audio Service Privilege Escalation Vulnerability Important
Windows Media CVE-2019-1028 Windows Audio Service Privilege Escalation Vulnerability Important
Windows NTLM CVE-2019-1019 Microsoft Windows Security Feature Bypass Vulnerability Important
Windows Shell CVE-2019-0986 Windows User Profile Service Privilege Escalation Vulnerability Important
Windows Shell CVE-2019-1053 Windows Shell Privilege Escalation Vulnerability Important

 

Recommended Mitigation Measures

Microsoft has released security updates to fix these issues. Please download and install them as soon as possible.

Statement

This advisory is only used to describe a potential risk. NSFOCUS does not provide any commitment or promise on this advisory. NSFOCUS and the author will not bear any liability for any direct and/or indirect consequences and losses caused by transmitting and/or using this advisory. NSFOCUS reserves all the rights to modify and interpret this advisory. Please include this statement paragraph when reproducing or transferring this advisory. Do not modify this advisory, add/delete any information to/from it, or use this advisory for commercial purposes without permission from NSFOCUS.

About NSFOCUS

SFOCUS IB is a wholly owned subsidiary of NSFOCUS, an enterprise application and network security provider, with operations in the Americas, Europe, the Middle East, Southeast Asia and Japan. NSFOCUS IB has a proven track record of combatting the increasingly complex cyber threat landscape through the construction and implementation of multi-layered defense systems. The company’s Intelligent Hybrid Security strategy utilizes both cloud and on-premises security platforms, built on a foundation of real-time global threat intelligence, to provide unified, multi-layer protection from advanced cyber threats.

For more information about NSFOCUS, please visit:

https://www.nsfocusglobal.com.

NSFOCUS, NSFOCUS IB, and NSFOCUS, INC. are trademarks or registered trademarks of NSFOCUS, Inc. All other names and trademarks are property of their respective firms.

Download: ‘s SecurityPatches for June that Fix 93 Security Vulnerabilities Threat Alert