This week, Microsoft June Patch Tuesday updates rolled out with quite a few safety fixes. Reportedly, Microsoft fastened 88 totally different safety vulnerabilities affecting numerous merchandise. These additionally embrace the few zero-day bugs dropped on-line by SandboxEscaper.
Zero-Days Mounted With Microsoft June Patch Tuesday
Microsoft has rolled out the month-to-month updates for this month. The Microsoft June Patch Tuesday has additionally addressed zero-day bugs dropped on-line by SandboxEscaper.
The researcher SandboxEscaper, who has a historical past of dropping Microsoft zero-day bugs on-line, printed a path of exploits within the earlier month. The primary of those was a zero-day affecting Windows 10 Task Scheduler. Microsoft has assigned this one a CVE quantity CVE-2019-1069, describing it in its advisory as,
“An elevation of privilege vulnerability exists in the way in which the Process Scheduler Service validates sure file operations. An attacker who efficiently exploited the vulnerability may acquire elevated privileges on a sufferer system. To take advantage of the vulnerability, an attacker would require unprivileged code execution on a sufferer system.”
Alongside this one, SandboxEscaper introduced dropping three extra exploits on-line sooner, which she later disclosed publicly after a few days. Microsoft has acknowledged them as CVE-2019-0973, CVE-2019-1053, CVE-2019-1064 respectively.
Fortuitously, regardless of public disclosure, Microsoft confirmed no lively exploits for any of the zero-days within the wild.
Different Essential Safety Fixes
Alongside the zero-day bugs, Microsoft additionally fastened tens of different vulnerabilities, making up the full variety of patches to 88. A few of the essential fixes handle three distant code execution vulnerabilities in Hyper-V (CVE-2019-0620, CVE-2019-0709, and CVE-2019-0722), two in Microsoft Phrase (CVE-2019-1034 and CVE-2019-1035), and a few others.
Moreover, Microsoft additionally points a separate safety advisory for HoloLens units firmware updates. The advisory pertains to 4 distant code execution vulnerabilities affecting the units.
In all, the merchandise receiving safety fixes with this month’s patch bundle embrace Microsoft Home windows, Web Explorer, ChakraCore, Microsoft Edge, Microsoft Trade Server, Skype for Enterprise and Microsoft Lync, Azure, and Microsoft Workplace and Microsoft Workplace Companies and Internet Apps.