Microsoft on the June 11, 2019, Patch Day, released security updates for all supported versions of the Microsoft Windows operating system. Microsoft, this month, the OS maker has patched 88 vulnerabilities, among which 21 received a rating of “Critical,” the company’s highest severity ranking. Microsoft patched four Windows operating system bugs – all of which are already publicly known or have proof of concept exploits.
Microsoft’s four Important vulnerabilities that were publicly disclosed all affect Windows systems are as follows:
- CVE-2019-0973, an elevation-of-privilege (EOP) flaw in the Windows Installer for all supported Windows systems.
- CVE-2019-1053, an EOP vulnerability in the Windows Shell for all supported Windows systems.
- CVE-2019-1064, an EOP issue associated with the AppX Deployment Service that affects Windows 10, Windows Server 2016 and Windows Server 2019.
- CVE-2019-1069, a Task Scheduler EOP vulnerability in Windows 10, Windows Server 2016 and Windows Server 2019. Trend Micro’s Zero Day Initiative published a technical analysis on this particular vulnerability, which leverages the high privileges of Task Scheduler.
Below is the full list of vulnerabilities resolved, advisories, and SSUs in the June 2019 Patch Tuesday updates.
Tag | CVE ID | CVE Title | Severity |
---|---|---|---|
Adobe Flash Player | ADV190015 | June 2019 Adobe Flash Security Update | Critical |
Kerberos | CVE-2019-0972 | Local Security Authority Subsystem Service Denial of Service Vulnerability | Important |
Microsoft Browsers | CVE-2019-1081 | Microsoft Browser Information Disclosure Vulnerability | Important |
Microsoft Browsers | CVE-2019-1038 | Microsoft Browser Memory Corruption Vulnerability | Critical |
Microsoft Devices | ADV190017 | Microsoft HoloLens Remote Code Execution Vulnerabilities | Important |
Microsoft Devices | ADV190016 | Bluetooth Low Energy Advisory | Important |
Microsoft Edge | CVE-2019-1054 | Microsoft Edge Security Feature Bypass Vulnerability | Important |
Microsoft Exchange Server | ADV190018 | Microsoft Exchange Server Defense in Depth Update | Unknown |
Microsoft Graphics Component | CVE-2019-1018 | DirectX Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1047 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1046 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1013 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1015 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1016 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1048 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-0977 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-0960 | Win32k Elevation of Privilege Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-0968 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1049 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1050 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-0985 | Microsoft Speech API Remote Code Execution Vulnerability | Critical |
Microsoft Graphics Component | CVE-2019-1010 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1009 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1011 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft Graphics Component | CVE-2019-1012 | Windows GDI Information Disclosure Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-0905 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-0974 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-0904 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-0906 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-0908 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-0909 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft JET Database Engine | CVE-2019-0907 | Jet Database Engine Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2019-1035 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Office | CVE-2019-1034 | Microsoft Word Remote Code Execution Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1032 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1036 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1031 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Office SharePoint | CVE-2019-1033 | Microsoft Office SharePoint XSS Vulnerability | Important |
Microsoft Scripting Engine | CVE-2019-1002 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-0991 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1080 | Scripting Engine Memory Corruption Vulnerability | Moderate |
Microsoft Scripting Engine | CVE-2019-1023 | Scripting Engine Information Disclosure Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-0993 | Chakra Scripting Engine Memory Corruption Vulnerability | Moderate |
Microsoft Scripting Engine | CVE-2019-0992 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1024 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-0990 | Scripting Engine Information Disclosure Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-0988 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-0989 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1055 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1052 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1051 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-0920 | Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Scripting Engine | CVE-2019-1003 | Chakra Scripting Engine Memory Corruption Vulnerability | Critical |
Microsoft Windows | CVE-2019-1069 | Task Scheduler Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1064 | Windows Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-0888 | ActiveX Data Objects (ADO) Remote Code Execution Vulnerability | Critical |
Microsoft Windows | CVE-2019-1025 | Windows Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2019-1045 | Windows Network File System Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-1043 | Comctl32 Remote Code Execution Vulnerability | Important |
Microsoft Windows | CVE-2019-0710 | Windows Hyper-V Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2019-0709 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
Microsoft Windows | CVE-2019-0722 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
Microsoft Windows | CVE-2019-0943 | Windows ALPC Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-0713 | Windows Hyper-V Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2019-0983 | Windows Storage Service Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-0984 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-0711 | Windows Hyper-V Denial of Service Vulnerability | Important |
Microsoft Windows | CVE-2019-0948 | Windows Event Viewer Information Disclosure Vulnerability | Moderate |
Microsoft Windows | CVE-2019-0959 | Windows Common Log File System Driver Elevation of Privilege Vulnerability | Important |
Microsoft Windows | CVE-2019-0998 | Windows Storage Service Elevation of Privilege Vulnerability | Important |
Servicing Stack Updates | ADV990001 | Latest Servicing Stack Updates | Critical |
Skype for Business and Microsoft Lync | CVE-2019-1029 | Skype for Business and Lync Server Denial of Service Vulnerability | Important |
Team Foundation Server | CVE-2019-0996 | Azure DevOps Server Spoofing Vulnerability | Important |
VBScript | CVE-2019-1005 | Scripting Engine Memory Corruption Vulnerability | Low |
Windows Authentication Methods | CVE-2019-1040 | Windows NTLM Tampering Vulnerability | Important |
Windows Hyper-V | CVE-2019-0620 | Windows Hyper-V Remote Code Execution Vulnerability | Critical |
Windows IIS | CVE-2019-0941 | Microsoft IIS Server Denial of Service Vulnerability | Important |
Windows Installer | CVE-2019-0973 | Windows Installer Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2019-1044 | Windows Secure Kernel Mode Security Feature Bypass Vulnerability | Important |
Windows Kernel | CVE-2019-1014 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2019-1017 | Win32k Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2019-1065 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2019-1041 | Windows Kernel Elevation of Privilege Vulnerability | Important |
Windows Kernel | CVE-2019-1039 | Windows Kernel Information Disclosure Vulnerability | Important |
Windows Media | CVE-2019-1026 | Windows Audio Service Elevation of Privilege Vulnerability | Important |
Windows Media | CVE-2019-1007 | Windows Audio Service Elevation of Privilege Vulnerability | Important |
Windows Media | CVE-2019-1027 | Windows Audio Service Elevation of Privilege Vulnerability | Important |
Windows Media | CVE-2019-1022 | Windows Audio Service Elevation of Privilege Vulnerability | Important |
Windows Media | CVE-2019-1021 | Windows Audio Service Elevation of Privilege Vulnerability | Important |
Windows Media | CVE-2019-1028 | Windows Audio Service Elevation of Privilege Vulnerability | Important |
Windows NTLM | CVE-2019-1019 | Microsoft Windows Security Feature Bypass Vulnerability | Important |
Windows Shell | CVE-2019-0986 | Windows User Profile Service Elevation of Privilege Vulnerability | Important |
Windows Shell | CVE-2019-1053 | Windows Shell Elevation of Privilege Vulnerability | Important |