Microsoft fixes 88 vulnerabilities, including four zero days, in June 2019 Patch Tuesday

Of 88 vulnerabilities, 66 are rated as 'important'

Microsoft has released the latest round of 'Patch Tuesday' updates for Windows 10, fixing four zero days and 21 critical flaws.

In total, 88 vulnerabilities are patched in the latest release, of which 66 are rated as "important" while one is "moderate" flaw.

According to Microsoft, none of the publically disclosed zero days, or other vulnerabilities, was found to be publically exploited in the wild.

Cloud & Infrastructure Live 2019 returns to London on 19th September 2019. Learn about the latest technologies in cloud, how to keep one step ahead of the regulators, and network with an audience of IT leaders and senior IT pros. The event will include keynotes, panel discussions, case studies, and strategic and technical streams. Best of all, the event is FREE to qualifying attendees. Secure your place now.

Attending Cloud & Infrastructure Live 2019 already? Why not enter the Computing Cloud Excellence Awards that will be celebrated in the evening, too?

The company has advised all users to install the security updates immediately to protect Windows from these security risks.

The four publicly disclosed vulnerabilities patched in the security update appear to be those posted by SandboxEscaper to her GitHub page last month.

These vulnerabilities are:

• CVE-2019-1069: The bug, which affects Windows Task Scheduler in Windows 10, Server 2016 and later versions, has raised the most concern among security experts. It could allow elevation of privilege on affected systems, according to Microsoft.
• CVE-2019-1064: Windows elevation of privilege vulnerability affecting Windows 10, Server 2016 and later.
• CVE-2019-1053: Windows Shell elevation of privilege vulnerability affects all currently supported Windows operating systems. It could create elevation of privilege conditions on affected systems by escaping a sandbox.
• CVE-2019-0973: Windows Installer vulnerability could enable elevation of privilege on the affected systems through wrong sanitisation of input from loaded libraries.

Microsoft said that two bugs, CVE-2019-1019 and CVE-2019-1040, patched in the latest update could enable attackers to remotely run malicious code on any Windows machine. They could also enable hackers to authenticate to any web server supporting Windows Integrated Authentication.

In addition to the security updates, Microsoft has also released servicing stack update ADV990001 and four advisories.

The advisories include updated drivers and software to fix security flaws in third-party software and hardware.

In one advisory, Microsoft explained that it was blocking some selected Bluetooth Low Energy (BLE) FIDO security keys with known pairing vulnerability. The pairing of certain weak BLE security keys will be blocked at the OS level.

The vulnerability in the BLE pairing protocol was unearthed earlier this year by Microsoft security researchers.

The Broadcom wireless network driver has also been updated to fix multiple vulnerabilities, according to Microsoft.

Delta is a new market intelligence service from Computing to help CIOs and other IT decision makers make smarter purchasing decisions - decisions informed by the knowledge and experience of other CIOs and IT decision makers.

Delta is free from vendor sponsorship or influence of any kind, and is guided by a steering committee of well-known CIOs, such as Charles Ewen, Christina Scott, Steve Capper and Laura Meyer.

Ten crucial technology areas are already covered at launch, with more data appearing and more areas being covered every week. Sign-up here for your free trial of the Computing Delta website.