VERT Threat Alert: June 2019 Patch Tuesday Analysis | Tripwire

VERT Threat Alert: June 2019 Patch Tuesday Analysis

Posted on June 11, 2019
VERT Threat Alert: June 2022 Patch Tuesday Analysis
Today’s VERT Alert addresses Microsoft’s June 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-835 on Wednesday, June 12th.

In-The-Wild & Disclosed CVEs

CVE-2019-1053

An issue where Windows Shell fails to properly validate folder shortcuts could lead to sandbox escape. The attacker would require the ability to execute code on the system to exploit this vulnerability. This appears to be the SandboxEscaper IE 11 Sandbox Escape documented by Bleeping Computer. Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.

CVE-2019-1064

An attacker who is logged into a system could take advantage of a flaw in the Windows AppX Deployment Service (AppXSVC) to gain control of an impacted system. This flaw exists due to AppXSVC failing to properly handle hard links. This appears to be part of the SandboxEscaper zero-day releases documented by Bleeping Computer. Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.

CVE-2019-1069

A file operation validation flaw in the Task Schedule Service can lead to elevated privileges on a system. This appears to be part of the SandboxEscaper zero-day releases documented by Bleeping Computer. Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.

CVE-2019-0973

This vulnerability allows privilege escalation because the Windows Installer can insecurely load libraries due to a failure to properly sanitize input. Successful exploitation would lead to a full compromise of the system. This appears to be part of the SandboxEscaper zero-day releases documented by Bleeping Computer. Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.
Tag
CVE Count
CVEs
Team Foundation Server
1
CVE-2019-0996
Windows NTLM
1
CVE-2019-1019
Windows Hyper-V
1
CVE-2019-0620
Microsoft JET Database Engine
7
CVE-2019-0904, CVE-2019-0905, CVE-2019-0906, CVE-2019-0907, CVE-2019-0908, CVE-2019-0909, CVE-2019-0974
VBScript
1
CVE-2019-1005
Microsoft Windows
17
CVE-2019-0888, CVE-2019-0943, CVE-2019-0948, CVE-2019-0959, CVE-2019-0984, CVE-2019-0709, CVE-2019-0710, CVE-2019-0711, CVE-2019-0713, CVE-2019-0722, CVE-2019-0983, CVE-2019-0998, CVE-2019-1025, CVE-2019-1043, CVE-2019-1045, CVE-2019-1064, CVE-2019-1069
Kerberos
1
CVE-2019-0972
Microsoft Edge
1
CVE-2019-1054
Microsoft Graphics Component
17
CVE-2019-1009, CVE-2019-1010, CVE-2019-1011, CVE-2019-1012, CVE-2019-1013, CVE-2019-1015, CVE-2019-1016, CVE-2019-1018, CVE-2019-1046, CVE-2019-1047, CVE-2019-1048, CVE-2019-1049, CVE-2019-1050, CVE-2019-0960, CVE-2019-0968, CVE-2019-0977, CVE-2019-0985
Microsoft Browsers
2
CVE-2019-1038, CVE-2019-1081
Windows IIS
1
CVE-2019-0941
Windows Installer
1
CVE-2019-0973
Windows Kernel
6
CVE-2019-1014, CVE-2019-1017, CVE-2019-1039, CVE-2019-1041, CVE-2019-1044, CVE-2019-1065
Windows Media
6
CVE-2019-1007, CVE-2019-1021, CVE-2019-1022, CVE-2019-1026, CVE-2019-1027, CVE-2019-1028
Windows Authentication Methods
1
CVE-2019-1040
Skype for Business and Microsoft Lync
1
CVE-2019-1029
Windows Shell
2
CVE-2019-0986, CVE-2019-1053
Microsoft Office
2
CVE-2019-1034, CVE-2019-1035
Microsoft Scripting Engine
15
CVE-2019-0988, CVE-2019-0989, CVE-2019-1055, CVE-2019-0920, CVE-2019-0990, CVE-2019-0991, CVE-2019-0992, CVE-2019-0993, CVE-2019-1002, CVE-2019-1003, CVE-2019-1023, CVE-2019-1024, CVE-2019-1051, CVE-2019-1052, CVE-2019-1080
Microsoft Office SharePoint
4
CVE-2019-1036, CVE-2019-1031, CVE-2019-1032, CVE-2019-1033
 

Other Information

In addition to the Microsoft vulnerabilities included in the June Security Guidance, several advisories were released today.

June 2019 Adobe Flash Update [ADV190015]

Microsoft released an update for Adobe Flash. This corresponds with Adobe Update APSB19-30, which includes a fix for CVE-2019-7845.

Bluetooth Low Energy Advisory [ADV190016]

Microsoft has released an update to block the pairing of BLE versions of FIDO security keys due to a misconfiguration in the Bluetooth pairing protocol which could allow an attacker to communicate with the key or the pair device. Attackers would require close physical proximity to the device in order to successfully exploit this vulnerability.

Microsoft HoloLens Remote Code Execution Vulnerabilities [ADV190017]

Microsoft has released an update for the Microsoft HoloLens to resolve 4 vulnerabilities (CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503) that allow attackers with close physical proximity to the device to exploit the Broadcom wireless chipset.

Microsoft Exchange Server Defense in Depth Update [ADV190018]

Microsoft has released a defense in depth update for Microsoft Exchange Server. There are updates available for all versions since Microsoft Exchange Server 2010.
Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!