June, 2019: Patch Tuesday: 4 Publically Disclosed Vulnerabilities

Welcome to this June Patch Tuesday Bulletin. This month there are 89 unique CVE’s, 4 publicly disclosed vulnerabilities, 9 technologies affected, and no reported attacks. All 4 of the publicly disclosed vulnerabilities (CVE-2019-1053, CVE-2019-1064, CVE-2019-1069, CVE-2019-0973) are privilege escalation vulnerabilities affecting Windows. In order to exploit these vulnerabilities an attacker would need to be able to execute malicious on a victim machine and there have been zero attacks reported in the wild. Exchange is being updated this month but there are no related CVE’s as this update is providing security enhancements only.

Over the years we've had millions of visitors to UltimateWindowsSecurity.com. Every month we have thousands and thousands of visitors to our Security Log Encyclopedia which documents all of the Security Log event ID’s for Windows Server OS’s. Back in 2007 when SharePoint added auditing capability, I realized that my audience not only needed the event information from SharePoint but I also found a similar need in SQL Server and Exchange. So not only did I document the data but I also started to develop the means to extract that event data from these applications so that it’s accessible and useable to the end user. Some 8 years later and LOGbinder is continuing to grow as companies realize LOGbinder bridges the gap between these applications and their infosec team. Visit LOGbinder.com to download a free 30-day fully functional trial and see the security event data that you have literally been missing.

So, without further ado, here’s the chart of MS patches this month.

Patch data provided by:

Technology

Products Affected

Severity

Reference

Workaround/ Exploited

Vulnerability Info

Adobe

Adobe Flash Player 32.0.0.192 ?and earlier

Critical

CVE-2019-7845

*Workaround: No

**Public: No

Exploited: No

Arbitrary Code Execution

Windows

Windows 7, 8.1, RT 8.1, 10

Server 2008, 2008 R2, 2012, 2012 R2, 2016, 2019

Critical

CVE-2019-0713

CVE-2019-0722

CVE-2019-0888

CVE-2019-0904

CVE-2019-1025

CVE-2019-1026

CVE-2019-1027

CVE-2019-1028

CVE-2019-1039

CVE-2019-0620

CVE-2019-0709

CVE-2019-0710

CVE-2019-0711

CVE-2019-1019

CVE-2019-1021

CVE-2019-1022

CVE-2019-0905

CVE-2019-0906

CVE-2019-1040

CVE-2019-1041

CVE-2019-1043

CVE-2019-0907

CVE-2019-0908

CVE-2019-1044

CVE-2019-1045

CVE-2019-1046

CVE-2019-1047

CVE-2019-0909

CVE-2019-0941

CVE-2019-1048

CVE-2019-1049

CVE-2019-1050

CVE-2019-1053

CVE-2019-0943

CVE-2019-0948

CVE-2019-0959

CVE-2019-1064

CVE-2019-1065

CVE-2019-1069

CVE-2019-0960

CVE-2019-0968

CVE-2019-0972

CVE-2019-0973

CVE-2019-0974

CVE-2019-0977

CVE-2019-0983

CVE-2019-0984

CVE-2019-0985

CVE-2019-0986

CVE-2019-0998

CVE-2019-1007

CVE-2019-1009

CVE-2019-1010

CVE-2019-1011

CVE-2019-1012

CVE-2019-1013

CVE-2019-1014

CVE-2019-1015

CVE-2019-1016

CVE-2019-1017

CVE-2019-1018

 

*Workaround: No

**Public: Yes

Exploited: No

Denial of Service

Remote Code Execution

Elevation of Privilege

Information Disclosure

Security Feature Bypass

Tampering

 

Internet Explorer

IE 9, 10, 11

Critical

CVE-2019-0920

CVE-2019-0988

CVE-2019-1005

CVE-2019-1038

CVE-2019-1055

CVE-2019-1080

CVE-2019-1081

*Workaround: No

**Public: No

Exploited: No

Remote Code Execution

Information Disclosure

 

Edge

All

Critical

CVE-2019-1002

CVE-2019-1003

CVE-2019-1023

CVE-2019-1024

CVE-2019-1038

CVE-2019-1051

CVE-2019-0989

CVE-2019-0990

CVE-2019-0991

CVE-2019-0992

CVE-2019-0993

CVE-2019-1052

CVE-2019-1054

CVE-2019-1081

 

*Workaround: No

**Public: No

Exploited: No

Remote Code Execution

Information Disclosure

Security Feature Bypass

 

Office, Office Services, and Web Apps

Lync Server 2010, 2013

Office 2010, 2016 for Mac, 2019, 2019 for Mac, Web Apps 2010

Project Server 2010

SharePoint Enterprise 2013, 2016

SharePoint Foundation 2010, 2013

SharePoint Server 2010, 2019

Word 2010, 2013, 2016

Office 365

Important

CVE-2019-1029

CVE-2019-1031

CVE-2019-1032

CVE-2019-1033

CVE-2019-1034

CVE-2019-1035

CVE-2019-1036

 

*Workaround: No

**Public: No

Exploited: No

Denial of Service

Spoofing

Remote Code Execution

 

ChakraCore

All

Critical

CVE-2019-0989

CVE-2019-0990

CVE-2019-0991

CVE-2019-0993

CVE-2019-1003

CVE-2019-1023

CVE-2019-1024

CVE-2019-1051

CVE-2019-1052

*Workaround: No

**Public: No

Exploited: No

Remote Code Execution

Information Disclosure

 

Skype for Business and Lync

Lync Server

Important

CVE-2019-1029

*Workaround: No

**Public: No

Exploited: No

Denial of Service

Exchange

Server 2010, 2013, 2016, 2019

None

ADV190018

*Workaround: No

**Public: No

Exploited: No

Enhanced Security

Azure

DevOps Server 2019

Important

CVE-2019-0996

*Workaround: No

**Public: No

Exploited: No

Spoofing


Send me this chart next Patch Tuesday.
Email:

We will not share your address. Unsubscribe anytime. By clicking "Submit",
you're agreeing to our Privacy Policy and consenting to be contacted by us.