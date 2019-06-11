Log in
E-mail
Password
Remember
Forgot password ?
Become a member for free
Sign up
Sign up
Settings
Settings
Dynamic quotes 
OFFON

MarketScreener Homepage  >  News  >  Companies  >  All News

News : Companies
Latest NewsCompaniesMarketsEconomy & ForexCommoditiesInterest RatesBusiness LeadersFinance ProfessionalsCalendarSectors
All News
Analyst Recommendations
Rumors
IPOs
Capital Markets Transactions
New Contracts
Profits warnings
Appointments
Press Releases
Events
Corporate actions

Rapid7 : Patch Tuesday - June 2019

share with twitter share with LinkedIn share with facebook
share via e-mail
0
06/11/2019 | 06:44pm EDT

Nearing the halfway point of 2019, today's Patch Tuesday sees Microsoft fix 88 vulnerabilities, the highest count so far this year. Nothing this month seems 'wormable' like the BlueKeep vulnerability patched in May, and none of them have been seen exploited in the wild. However, four elevation of privilege vulnerabilities had been previously disclosed. It's likely that at least some of these correspond to the vulnerabilities published by the security researcher known as SandboxEscaper over the last several weeks. Two of them, CVE-2019-1064 (AppX Deployment Service) and CVE-2019-1069 (Task Scheduler), affect Windows 10 and later. CVE-2019-1053 (Windows Shell) and CVE-2019-0973 (Windows Installer) both affect all currently supported versions of Windows.

Severity-wise, CVE-2019-1019 is a nasty-looking Security Feature Bypass that could let an attacker steal a session key using a specially crafted NETLOGON message, allowing them to access other systems as the original user. This is known as an NTLM Relay attack. (Note that this is distinct from CVE-2019-9510, an RDP issue that the CERT Coordination Center issued an advisory for on June 4th but Microsoft does not consider a candidate for a security fix.)

CVE-2019-0888 and CVE-2019-0722 are also fairly critical to get patched this month, being remote code execution (RCE) vulnerabilities in ActiveX and Hyper-V respectively. Fixes were also released today for Word, IE, Edge, SharePoint Server and Lync Server. As is often the case, an RCE in Adobe Flash was also fixed (CVE-2019-7845). Some additional fixes that came from other vendors but affect Microsoft products were also published today as security advisories. ADV190017 describes three RCE vulnerabilities affecting HoloLens devices, due to flaws in the Broadcom wireless chipset firmware, and ADV190016 addresses a weakness in the algorithm used when pairing Bluetooth Low Energy security keys. If you have any such keys in your environment, be sure to update the Windows security updates and also check for any advisories from the key manufacturers themselves.

Note: not all CVEs had CVSSv3 data available at the time of writing

Disclaimer

Rapid7 Inc. published this content on 11 June 2019 and is solely responsible for the information contained herein. Distributed by Public, unedited and unaltered, on 11 June 2019 22:43:07 UTC
share with twitter share with LinkedIn share with facebook
share via e-mail
0
Latest news "Companies"
07:34pSTARPHARMA : US patent granted for DEP Bcl2/xL inhibitor conjugates
PU
07:34pPG&E : Encourages Customers to Conserve Electricity as California Declares Flex Alert
BU
07:33pTESORO MINERALS : Announces Appointment of Corporate Secretary
AQ
07:33pMetropolitan Helps California Prepare for Climate Change
BU
07:31pREALTY INCOME : 102ⁿᵈ Common Stock Monthly Dividend Increase Declared By Realty Income
PR
07:29pCONTANGO ORE, INC. : Provides an Update on Joint Sale Process of Peak Gold Project
BU
07:25pCENTURY COMMUNITIES, INC. : announces pre-sales of affordable new condo community in Aurora
PR
07:23pKESSLER TOPAZ MELTZER & CHECK, LLP – Reminds Investors of Securities Fraud Class Action Lawsuit Against MOMO INC. – MOMO
GL
07:22pZero Commission Brokerages -- How Do They Make Money?
PR
07:16pKBRA Releases Day One Recap of the Global ABS 2019 Conference in Barcelona
BU
Latest news "Companies"
Advertisement

MOST READ NEWS

1DASSAULT SYSTÈMES : DASSAULT SYSTEMES : France's Dassault nears deal to buy healthcare software maker Medidata..
2STARPHARMA HOLDINGS LIMITED : STARPHARMA : US patent granted for DEP Bcl2/xL inhibitor conjugates
3ROYAL DUTCH SHELL : ROYAL DUTCH SHELL : Libra Consortium takes final investment decision on Mero-2 FPSO in Bra..
4CBOE GLOBAL MARKETS INC. : TESLA ANNUAL SHAREHOLDERS MEETING RESULTS: Shareholders Have Rejected Measure To El..
5JACK IN THE BOX INC. : THE LATEST: Man arrested in shooting of off-duty LA deputy

HOT NEWS
Categories
Free services
Mobile App
Premium service
About