Microsoft issued the June 2019 Security Updates that include 88 unique vulnerability fixes, 21 rated critical. Additional guidance was also published to mitigate Adobe vulnerabilities.
The updates address multiple Microsoft products to include:
- Adobe Flash Player
- Azure
- ChakraCore
- Internet Explorer
- Edge
- Exchange Server
- Office and Microsoft Office Services and Web Apps
- Windows
- Skype for Business and Microsoft Lync.
Of note, one patch fixes a remote code execution vulnerability (CVE-2019-0985) that impacts the Microsoft Speech API. In fact, Microsoft says exploitation is more likely on older OS, such as impacted Windows 7 and Server 2008 R2.
Users are also reminded that Microsoft ends support for Windows 7 and Server 2008 on January 14, 2020.
In addition, Microsoft also patched three remote code execution vulnerabilities in Hyper-V, to include CVE-2019-0620, CVE-2019-0709 and CVE-2019-0722.
Microsoft also issued a security advisory for Adobe Flash Player. The update was also made available by Adobe in APSB19-30 to fix a Critical vulnerability CVE-2019-7845 that could allow arbitrary code execution.
Critical Patches
The 21 critical Microsoft vulnerabilities are listed below (each impacts Windows, Browser or Development Tools product families):
- CVE-2019-0620
- CVE-2019-0709
- CVE-2019-0722
- CVE-2019-0888
- CVE-2019-0920
- CVE-2019-0985
- CVE-2019-0988
- CVE-2019-0989
- CVE-2019-0990
- CVE-2019-0991
- CVE-2019-0992
- CVE-2019-0993
- CVE-2019-1002
- CVE-2019-1003
- CVE-2019-1023
- CVE-2019-1024
- CVE-2019-1038
- CVE-2019-1051
- CVE-2019-1052
- CVE-2019-1055
- CVE-2019-1080
Of additional note, all but two are critical remote code execution bugs. The two others (CVE-2019-0990 and CVE-2019-1023) result in information disclosure. Each of these impact Edge browsers.
Finally, check out Microsoft’s Security Update Guide and June summary release notes for more details on all patches.