Microsoft And Adobe Released Patch Updates For June 2019

Microsoft and Adobe Security Patch
Microsoft and Adobe Security Patch

Microsoft And Adobe Released Security Updates

The Critical Security Vulnerabilities for Microsoft And Adobe Patched, June 2019. [Update Now]

  • For Microsoft

Microsoft has patched 88 security vulnerabilities, including 21 are critical and remaining others rated in severity to update.

In June 2019, the release consists of security updates for the following software:

  • Adobe Flash Player
  • Microsoft Windows
  • Internet Explorer
  • Microsoft Edge
  • Microsoft Office and Microsoft Office Services and Web Apps
  • ChakraCore
  • Skype for Business and Microsoft Lync
  • Microsoft Exchange Server
  • Azure

One of the Vulnerability still remain UNPATCHED

According to issue,
There’s a bug in the SymCrypt multi-precision arithmetic routines that can cause an infinite loop when calculating the modular inverse on specific bit patterns with bcryptprimitives!SymCryptFdefModInvGeneric.

The Vulnerability was reported to Microsoft 90 days ago, by Tavis Ormandy, security researcher at Google Zero Day.

“I’ve been able to construct an X.509 certificate that triggers the bug. I’ve found that embedding the certificate in an S/MIME message, authenticode signature, schannel connection, and so on will effectively DoS any windows server (e.g. ipsec, iis, exchange, etc) and (depending on the context) may require the machine to be rebooted,” Ormandy said.

MSRC reached out and noted that the patch won’t release and wouldn’t be ready until the July release due to issues found in testing.

Update Your Windows now 

Just go to Settings -> Update and Security -> Windows Update -> Check for updates on your computer, or you can install these updates manually.

  • For ADOBE

For Adobe Patches 11 security vulnerabilities in June 2019 software updates for Adobe ColdFusion, Flash Player, and Adobe Campaign.

Patched ColdFusion Flaws,

  • CVE-2019-7838 — This vulnerability has been categorized as “File extension blacklist bypass” and can be exploited if the file uploads directory is web accessible.
  • CVE-2019-7839 — There’s a command injection vulnerability in ColdFusion 2016 and 2018 editions, but it does not impact ColdFusion version 11.
  • CVE-2019-7840 — This flaw originates from the deserialization of untrusted data and also leads to arbitrary code execution on the system.

Including critical Arbitrary Code Execution Vulnerability CVE number CVE-2019-7845

Adobe has released security updates for Adobe Flash Player for Windows, macOS, Linux and Chrome OS. These updates address a critical vulnerability in Adobe Flash Player. Successful exploitation could lead to arbitrary code execution in the context of the current user.

The (CVE-2019-7843) critical flaw in Adobe Campaign Classic (ACC) could allow attackers to execute commands on the affected systems for Windows and Linux through arbitrary code execution flaw, affected version 18.10.5-8984 (and earlier versions).


For the latest update about Cyber and Infosec World, follow us on Twitter, Facebook, Telegram , Instagram and subscribe to our YouTube Channel.

Leave a Reply
Related Posts