Microsoft And Adobe Released Security Updates
Critical security vulnerabilities in Microsoft and Adobe products patched, June 2019. [Update Now]
For Microsoft
Microsoft has patched 88 security vulnerabilities, 21 of which are rated critical; the remainder carry other severity ratings.
The June 2019 release consists of security updates for the following software:
- Adobe Flash Player
- Microsoft Windows
- Internet Explorer
- Microsoft Edge
- Microsoft Office and Microsoft Office Services and Web Apps
- ChakraCore
- Skype for Business and Microsoft Lync
- Microsoft Exchange Server
- Azure
One vulnerability still remains UNPATCHED
According to the issue:
There’s a bug in the SymCrypt multi-precision arithmetic routines that can cause an infinite loop when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric.
The vulnerability was reported to Microsoft 90 days ago by Tavis Ormandy, a security researcher at Google Zero Day.
“I’ve been able to construct an X.509 certificate that triggers the bug. I’ve found that embedding the certificate in an S/MIME message, authenticode signature, schannel connection, and so on will effectively DoS any windows server (e.g. ipsec, iis, exchange, etc) and (depending on the context) may require the machine to be rebooted,” Ormandy said.
MSRC reached out and noted that the patch would not be released and would not be ready until the July release, due to issues found in testing.
Update your Windows now
Go to Settings -> Update and Security -> Windows Update -> Check for updates on your computer, or install these updates manually.
For Adobe
Adobe patched 11 security vulnerabilities in its June 2019 software updates for Adobe ColdFusion, Flash Player, and Adobe Campaign.
Patched ColdFusion flaws:
- CVE-2019-7838 — This vulnerability has been categorized as “File extension blacklist bypass” and can be exploited if the file uploads directory is web accessible.
- CVE-2019-7839 — There’s a command injection vulnerability in ColdFusion 2016 and 2018 editions, but it does not impact ColdFusion version 11.
- CVE-2019-7840 — This flaw originates from the deserialization of untrusted data and also leads to arbitrary code execution on the system.
Including the critical arbitrary code execution vulnerability CVE-2019-7845
Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical vulnerability in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user.
The critical flaw CVE-2019-7843 in Adobe Campaign Classic (ACC) could allow attackers to execute commands on affected Windows and Linux systems through arbitrary code execution. The affected versions are 18.10.5-8984 and earlier.