{"id":15551,"date":"2019-06-12T07:17:05","date_gmt":"2019-06-12T15:17:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2019\/06\/12\/news-9300\/"},"modified":"2019-06-12T07:17:05","modified_gmt":"2019-06-12T15:17:05","slug":"news-9300","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2019\/06\/12\/news-9300\/","title":{"rendered":"Microsoft Patch Tuesday, June 2019 Edition"},"content":{"rendered":"

Credit to Author: BrianKrebs| Date: Wed, 12 Jun 2019 13:26:21 +0000<\/strong><\/p>\n

Microsoft<\/strong>\u00a0on Tuesday released updates to fix 88 security vulnerabilities in its Windows<\/strong> operating systems and related software. The most dangerous of these include four flaws for which there is already exploit code available. There’s also a scary bug affecting all versions of Microsoft Office<\/strong> that can be triggered by a malicious link or attachment. And of course Adobe<\/strong> has its customary monthly security update for Flash Player<\/strong>.<\/p>\n

\"\"Microsoft says it has so far seen no exploitation against any of the four flaws that were disclosed publicly prior to their patching this week — nor against any of the 88 bugs quashed in this month’s release. All four are privilege escalation flaws: CVE-2019-1064<\/a> and CVE-2019-1069<\/a> affect Windows 10<\/strong> and later; CVE-2019-1053<\/a> and CVE-2019-0973<\/a> both affect all currently supported versions of Windows.<\/p>\n

Most of the critical vulnerabilities — those that can be exploited by malware or miscreants to infect systems without any action on the part of the user — are present in Microsoft’s browsers Internet Explorer<\/strong> and Edge<\/strong>.<\/p>\n

According to Allan Liska<\/strong>, senior solutions architect at Recorded Future<\/strong>, serious vulnerabilities\u00a0in this month’s patch batch reside in Microsoft Word<\/strong> (CVE-2019-1034<\/a> and CVE-2019-1035<\/a>).<\/p>\n

“This is another memory corruption vulnerability that requires an attacker to send a specially crafted Microsoft Word document for a victim to open, alternatively an attacker could convince a victim to click on a link to a website hosting a malicious Microsoft Word document,” Liska wrote. “This vulnerability affects all versions of Microsoft Word on Windows and Mac as well as Office 365. Given that Microsoft Word Documents are a favorite exploitation tool of cybercriminals, if this vulnerability is reverse engineered it could be widely exploited.”<\/span><\/p>\n

Microsoft also pushed an update to plug a single critical security hole<\/a> in Adobe’s Flash Player software, which is waning in use but it still is a target for malware purveyors.\u00a0Google Chrome\u00a0<\/strong>auto-updates Flash but also is now making users explicitly enable Flash every time they want to use it. By the summer of 2019 Google will\u00a0make Chrome users go into their settings to enable it<\/a>\u00a0every time they want to run it.<\/p>\n

Firefox also forces users with the Flash add-on installed to click in order to play Flash content; instructions for disabling or removing Flash from Firefox are\u00a0here<\/a>. Adobe will stop supporting Flash at the end of 2020.<\/p>\n

Note that\u00a0Windows 10<\/strong>\u00a0likes to install patches all in one go and reboot your computer on its own schedule. Microsoft doesn\u2019t make it easy for Windows 10 users to change this setting,\u00a0but it is possible<\/a>. For all other Windows OS users, if you\u2019d rather be alerted to new updates when they\u2019re available so you can choose when to install them, there\u2019s a setting for that in\u00a0Windows Update<\/strong>. To get there, click the Windows key on your keyboard and type “windows update” into the box that pops up.<\/p>\n

Staying up-to-date on Windows patches is good. Updating only after you\u2019ve backed up your important data and files is even better. A good backup means you\u2019re not pulling your hair out if the odd buggy patch causes problems booting the system. So do yourself a favor and backup your files before installing any patches.<\/p>\n

As always, if you experience any problems installing any of the patches this month, please feel free to leave a comment about it below; there\u2019s a good chance other readers have experienced the same and may even chime in here with some helpful tips.<\/p>\n

Additional reading:<\/p>\n

Martin Brinkmann’s take at Ghacks.net<\/a><\/p>\n

Qualys on Patch Tuesday<\/a><\/p>\n

SANS’s quick reference by severity<\/a><\/p>\n

https:\/\/krebsonsecurity.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

<\/p>\n

Credit to Author: BrianKrebs| Date: Wed, 12 Jun 2019 13:26:21 +0000<\/strong><\/p>\n

Microsoft\u00a0on Tuesday released updates to fix 88 security vulnerabilities in its Windows operating systems and related software. The most dangerous of these include four flaws for which there is already exploit code available. There’s also a scary bug affecting all versions of Microsoft Office that can be triggered by a malicious link or attachment. And of course Adobe has its customary monthly security update for Flash Player.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10642],"tags":[18720,22013,22014,22015,22016,22017,22018,22019,11753,16936],"class_list":["post-15551","post","type-post","status-publish","format-standard","hentry","category-independent","category-krebs","tag-allan-liska","tag-cve-2019-0973","tag-cve-2019-1034","tag-cve-2019-1035","tag-cve-2019-1053","tag-cve-2019-1064","tag-cve-2019-1069","tag-patch-tuesday-june-2019","tag-recorded-future","tag-time-to-patch"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15551","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=15551"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/15551\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=15551"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=15551"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=15551"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}