On June 11, 2019, Microsoft released a new set of security updates as part of its monthly Patch Tuesday. A total of 88 security fixes were released, including 21 rated critical.

The updates fix vulnerabilities in, among others:

  • Windows OS
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Office and Services
  • ChakraCore
  • Skype for Business
  • Microsoft Lync
  • Microsoft Exchange Server
  • Azure

The most significant vulnerabilities fixed are:

CVE-2019-1040, CVE-2019-1019 – vulnerabilities in the NTLM authentication protocol. A “man-in-the-middle” attack makes it possible to execute malicious code on any Windows machine or to authenticate to any server that supports Windows Integrated Authentication (WIA), such as Exchange or ADFS.

CVE-2019-0620, CVE-2019-0709, CVE-2019-0722 – allow remote code execution in Windows Hyper-V, because the host machine fails to properly validate input from an authenticated user on a guest operating system.

A detailed list of the updates follows:

| Description | CVE | Disclosed | Exploited | Exploitability (old versions) | Exploitability (current version) | Severity | CVSS Base (AVG) | CVSS Temporal (AVG) |
|---|---|---|---|---|---|---|---|---|
| ActiveX Data Objects (ADO) Remote Code Execution Vulnerability | CVE-2019-0888 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
| Azure DevOps Server Spoofing Vulnerability | CVE-2019-0996 | No | No | Less Likely | Less Likely | Important | | |
| Bluetooth Low Energy Advisory | ADV190016 | No | No | | | Important | | |
| Chakra Scripting Engine Memory Corruption Vulnerability | CVE-2019-0989 | No | No | | | Critical | 4.2 | 3.8 |
| | CVE-2019-0991 | No | No | | | Critical | 4.2 | 3.8 |
| | CVE-2019-0992 | No | No | | | Critical | 4.2 | 3.8 |
| | CVE-2019-0993 | No | No | | | Critical | 4.2 | 3.8 |
| | CVE-2019-1002 | No | No | | | Critical | 4.2 | 3.8 |
| | CVE-2019-1003 | No | No | | | Critical | 4.2 | 3.8 |
| | CVE-2019-1024 | No | No | | | Critical | 4.2 | 3.8 |
| | CVE-2019-1051 | No | No | | | Critical | 4.2 | 3.8 |
| | CVE-2019-1052 | No | No | | | Critical | 4.2 | 3.8 |
| Comctl32 Remote Code Execution Vulnerability | CVE-2019-1043 | No | No | Less Likely | Less Likely | Important | 6.4 | 5.8 |
| DirectX Elevation of Privilege Vulnerability | CVE-2019-1018 | No | No | | | Important | 7.0 | 6.3 |
| Jet Database Engine Remote Code Execution Vulnerability | CVE-2019-0904 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| | CVE-2019-0905 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| | CVE-2019-0906 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| | CVE-2019-0907 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| | CVE-2019-0908 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| | CVE-2019-0909 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| | CVE-2019-0974 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| June 2019 Adobe Flash Security Update | ADV190015 | No | No | | | Critical | | |
| Latest Servicing Stack Updates | ADV990001 | No | No | | | Critical | | |
| Local Security Authority Subsystem Service Denial of Service Vulnerability | CVE-2019-0972 | No | No | Less Likely | Less Likely | Important | 6.5 | 5.6 |
| Microsoft Browser Information Disclosure Vulnerability | CVE-2019-1081 | No | No | | | Important | 4.3 | 3.9 |
| Microsoft Browser Memory Corruption Vulnerability | CVE-2019-1038 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| Microsoft Edge Security Feature Bypass Vulnerability | CVE-2019-1054 | No | No | | | Important | 5.0 | 4.5 |
| Microsoft Exchange Server Defense in Depth Update | ADV190018 | No | No | | | | | |
| Microsoft HoloLens Remote Code Execution Vulnerabilities | ADV190017 | No | No | | | Important | | |
| Microsoft IIS Server Denial of Service Vulnerability | CVE-2019-0941 | No | No | Less Likely | Less Likely | Important | 7.5 | 6.7 |
| Microsoft Office SharePoint XSS Vulnerability | CVE-2019-1036 | No | No | Less Likely | Less Likely | Important | | |
| | CVE-2019-1031 | No | No | Less Likely | Less Likely | Important | | |
| | CVE-2019-1032 | No | No | Less Likely | Less Likely | Important | | |
| | CVE-2019-1033 | No | No | Less Likely | Less Likely | Important | | |
| Microsoft Speech API Remote Code Execution Vulnerability | CVE-2019-0985 | No | No | | | Critical | 7.8 | 7.0 |
| Microsoft Windows Security Feature Bypass Vulnerability | CVE-2019-1019 | No | No | Less Likely | Less Likely | Important | 8.5 | 7.6 |
| Microsoft Word Remote Code Execution Vulnerability | CVE-2019-1034 | No | No | Less Likely | Less Likely | Important | | |
| | CVE-2019-1035 | No | No | Less Likely | Less Likely | Important | | |
| Scripting Engine Information Disclosure Vulnerability | CVE-2019-0990 | No | No | | | Critical | 6.5 | 5.9 |
| | CVE-2019-1023 | No | No | | | Critical | 6.5 | 5.9 |
| Scripting Engine Memory Corruption Vulnerability | CVE-2019-0988 | No | No | More Likely | More Likely | Critical | 7.5 | 6.7 |
| | CVE-2019-1055 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| | CVE-2019-0920 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| | CVE-2019-1005 | No | No | More Likely | More Likely | Important | 6.4 | 5.8 |
| | CVE-2019-1080 | No | No | More Likely | More Likely | Critical | 6.4 | 5.8 |
| Skype for Business and Lync Server Denial of Service Vulnerability | CVE-2019-1029 | No | No | Less Likely | Less Likely | Important | | |
| Task Scheduler Elevation of Privilege Vulnerability | CVE-2019-1069 | Yes | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| Win32k Elevation of Privilege Vulnerability | CVE-2019-1014 | No | No | Less Likely | Less Likely | Important | 7.0 | 6.3 |
| | CVE-2019-1017 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| | CVE-2019-0960 | No | No | | | Important | 7.0 | 6.3 |
| Windows ALPC Elevation of Privilege Vulnerability | CVE-2019-0943 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| Windows Audio Service Elevation of Privilege Vulnerability | CVE-2019-1007 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| | CVE-2019-1021 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| | CVE-2019-1022 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| | CVE-2019-1026 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| | CVE-2019-1027 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| | CVE-2019-1028 | No | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Windows Common Log File System Driver Elevation of Privilege Vulnerability | CVE-2019-0959 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| | CVE-2019-0984 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| Windows Denial of Service Vulnerability | CVE-2019-1025 | No | No | More Likely | More Likely | Important | 6.5 | 5.9 |
| Windows Elevation of Privilege Vulnerability | CVE-2019-1064 | Yes | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| Windows Event Viewer Information Disclosure Vulnerability | CVE-2019-0948 | No | No | Less Likely | Less Likely | Moderate | 4.7 | 4.2 |
| Windows GDI Information Disclosure Vulnerability | CVE-2019-1009 | No | No | | | Important | 4.7 | 4.2 |
| | CVE-2019-1010 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| | CVE-2019-1011 | No | No | | | Important | 4.7 | 4.2 |
| | CVE-2019-1012 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| | CVE-2019-1013 | No | No | | | Important | 4.7 | 4.2 |
| | CVE-2019-1015 | No | No | | | Important | 4.7 | 4.2 |
| | CVE-2019-1016 | No | No | | | Important | 4.7 | 4.2 |
| | CVE-2019-1046 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| | CVE-2019-1047 | No | No | | | Important | 4.7 | 4.2 |
| | CVE-2019-1048 | No | No | | | Important | 4.7 | 4.2 |
| | CVE-2019-1049 | No | No | | | Important | 4.7 | 4.2 |
| | CVE-2019-1050 | No | No | Less Likely | Less Likely | Important | 4.7 | 4.2 |
| | CVE-2019-0968 | No | No | | | Important | 5.5 | 5.0 |
| | CVE-2019-0977 | No | No | | | Important | 4.7 | 4.2 |
| Windows Hyper-V Denial of Service Vulnerability | CVE-2019-0710 | No | No | Less Likely | Less Likely | Important | 6.8 | 6.1 |
| | CVE-2019-0711 | No | No | Less Likely | Less Likely | Important | 6.8 | 6.1 |
| | CVE-2019-0713 | No | No | | | Important | 6.8 | 6.1 |
| Windows Hyper-V Remote Code Execution Vulnerability | CVE-2019-0620 | No | No | Less Likely | Less Likely | Critical | 7.6 | 6.8 |
| | CVE-2019-0709 | No | No | Less Likely | Less Likely | Critical | 7.6 | 6.8 |
| | CVE-2019-0722 | No | No | Less Likely | Less Likely | Critical | 8.8 | 7.9 |
| Windows Installer Elevation of Privilege Vulnerability | CVE-2019-0973 | Yes | No | Less Likely | Less Likely | Important | 7.8 | 7.0 |
| Windows Kernel Elevation of Privilege Vulnerability | CVE-2019-1041 | No | No | More Likely | More Likely | Important | 7.0 | 6.3 |
| | CVE-2019-1065 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| Windows Kernel Information Disclosure Vulnerability | CVE-2019-1039 | No | No | Less Likely | Less Likely | Important | 5.5 | 5.0 |
| Windows NTLM Tampering Vulnerability | CVE-2019-1040 | No | No | Less Likely | Less Likely | Important | 5.3 | 4.8 |
| Windows Network File System Elevation of Privilege Vulnerability | CVE-2019-1045 | No | No | | | Important | 7.8 | 7.0 |
| Windows Secure Kernel Mode Security Feature Bypass Vulnerability | CVE-2019-1044 | No | No | | | Important | 5.3 | 4.8 |
| Windows Shell Elevation of Privilege Vulnerability | CVE-2019-1053 | Yes | No | More Likely | More Likely | Important | 6.3 | 5.7 |
| Windows Storage Service Elevation of Privilege Vulnerability | CVE-2019-0983 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| | CVE-2019-0998 | No | No | More Likely | More Likely | Important | 7.8 | 7.0 |
| Windows User Profile Service Elevation of Privilege Vulnerability | CVE-2019-0986 | No | No | More Likely | More Likely | Important | 6.3 | 5.7 |