June Patch Tuesday: WSUS Needs Your Attention
Microsoft has released 91 patches today—the largest release of the year so far. For those using WSUS 3.0 SP2, one update must be manually installed.
Patch Tuesday Release
Microsoft have released 91 patches today covering IE, Edge, ChakraCore, Skype, Windows and Office. There are 21 rated Critical and 66 Important, which so far this year is the largest release of this year. Thankfully no updates in this release are being exploited yet, but the sheer number of updates will certainly keep your IT manager busy this month.
Urgent – WSUS needs your manual attention for KB4484071
Microsoft is continuing its SHA1 to SHA2 signing process this month, with two planned changes. Windows 10 updates are automatic, but for those customers using WSUS 3.0 SP2, KB4484071 must be manually installed to support SHA2 updates.
Robert Brown, Director of Services said, “This has caught a lot of our readers out over the past few months. If your device does not support SHA2, you are not downloading the latest content which is making your devices safe.”
Could CVE-2019-1069 be the next BlueKeep?
Many of our IT staff utilize the Windows Scheduler to perform complex software installations, as it is super useful for installing software following complex reboot operations or installing software when there is no user logged on. Both our Cyber Security Analysts and other respected insider peers are highly concerned that this “Publicly Disclosed” vulnerability could be the next BlueKeep threat, due to the potential catastrophic exploit potential of this threat.
Adobe Updates
Thankfully, unlike Microsoft Adobe have only released 10 updates for Reader and Flash Player. All updates are Critical or Important priority 2 meaning IT Admins should install these updates within the next 30 days.
We have made a few recommendations below which you should prioritize, use Syxsense to organize and deploy Windows, third-party, Mac OS and Linux updates to keep your environment safe.
Patch Tuesday Release
| Verismic Recommended | CVE Identity | Description / Type | Severity | Publicly Discovered | Actively Being Exploited |
| Yes | CVE-2019-1069 | Task Scheduler Elevation of Privilege Vulnerability | Important | Yes | No |
| Yes | CVE-2019-1064 | Windows Elevation of Privilege Vulnerability | Important | Yes | No |
| Yes | CVE-2019-0973 | Windows Installer Elevation of Privilege Vulnerability | Important | Yes | No |
| Yes | CVE-2019-1053 | Windows Shell Elevation of Privilege Vulnerability | Important | Yes | No |
| Yes | CVE-2019-0990 | Scripting Engine Information Disclosure Vulnerability | Critical | No | No |
| Yes | CVE-2019-1023 | Scripting Engine Information Disclosure Vulnerability | Critical | No | No |
| Yes | CVE-2019-0888 | ActiveX Data Objects (ADO) Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-0989 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0991 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0992 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0993 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1002 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1003 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1024 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1051 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1052 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1038 | Microsoft Browser Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0985 | Microsoft Speech API Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-1080 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0920 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0988 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-1055 | Scripting Engine Memory Corruption Vulnerability | Critical | No | No |
| Yes | CVE-2019-0620 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-0709 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | No | No |
| Yes | CVE-2019-0722 | Windows Hyper-V Remote Code Execution Vulnerability | Critical | No | No |
| CVE-2019-0972 | Local Security Authority Subsystem Service Denial of Service Vulnerability | Important | No | No | |
| CVE-2019-0941 | Microsoft IIS Server Denial of Service Vulnerability | Important | No | No | |
| CVE-2019-1029 | Skype for Business and Lync Server Denial of Service Vulnerability | Important | No | No | |
| CVE-2019-1025 | Windows Denial of Service Vulnerability | Important | No | No | |
| CVE-2019-0710 | Windows Hyper-V Denial of Service Vulnerability | Important | No | No | |
| CVE-2019-0711 | Windows Hyper-V Denial of Service Vulnerability | Important | No | No | |
| CVE-2019-0713 | Windows Hyper-V Denial of Service Vulnerability | Important | No | No | |
| CVE-2019-1018 | DirectX Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0960 | Win32k Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1014 | Win32k Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1017 | Win32k Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0943 | Windows ALPC Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1007 | Windows Audio Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1021 | Windows Audio Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1022 | Windows Audio Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1026 | Windows Audio Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1027 | Windows Audio Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1028 | Windows Audio Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0959 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0984 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1041 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1065 | Windows Kernel Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1045 | Windows Network File System Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0983 | Windows Storage Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0998 | Windows Storage Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-0986 | Windows User Profile Service Elevation of Privilege Vulnerability | Important | No | No | |
| CVE-2019-1081 | Microsoft Browser Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0968 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-0977 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1009 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1010 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1011 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1012 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1013 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1015 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1016 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1046 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1047 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1048 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1049 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1050 | Windows GDI Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1039 | Windows Kernel Information Disclosure Vulnerability | Important | No | No | |
| CVE-2019-1043 | Comctl32 Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0904 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0905 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0906 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0907 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0908 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0909 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-0974 | Jet Database Engine Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1034 | Microsoft Word Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1035 | Microsoft Word Remote Code Execution Vulnerability | Important | No | No | |
| CVE-2019-1005 | Scripting Engine Memory Corruption Vulnerability | Important | No | No | |
| CVE-2019-1054 | Microsoft Edge Security Feature Bypass Vulnerability | Important | No | No | |
| CVE-2019-1019 | Microsoft Windows Security Feature Bypass Vulnerability | Important | No | No | |
| CVE-2019-1044 | Windows Secure Kernel Mode Security Feature Bypass Vulnerability | Important | No | No | |
| CVE-2019-0996 | Azure DevOps Server Spoofing Vulnerability | Important | No | No | |
| CVE-2019-1040 | Windows NTLM Tampering Vulnerability | Important | No | No | |
| CVE-2019-1031 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | |
| CVE-2019-1032 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | |
| CVE-2019-1033 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | |
| CVE-2019-1036 | Microsoft Office SharePoint XSS Vulnerability | Important | No | No | |
| CVE-2019-0948 | Windows Event Viewer Information Disclosure Vulnerability | Moderate | No | No |
