Security Boulevard

The Home of the Security Bloggers Network

VERT Threat Alert: June 2019 Patch Tuesday Analysis

by Tyler Reguly on June 11, 2019

Today’s VERT Alert addresses Microsoft’s June 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-835 on Wednesday, June 12th.

In-The-Wild & Disclosed CVEs

CVE-2019-1053

An issue where Windows Shell fails to properly validate folder shortcuts could lead to sandbox escape. The attacker would require the ability to execute code on the system to exploit this vulnerability. This appears to be the SandboxEscaper IE 11 Sandbox Escape documented by Bleeping Computer.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.

CVE-2019-1064

An attacker who is logged into a system could take advantage of a flaw in the Windows AppX Deployment Service (AppXSVC) to gain control of an impacted system. This flaw exists due to AppXSVC failing to properly handle hard links. This appears to be part of the SandboxEscaper zero-day releases documented by Bleeping Computer.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.

CVE-2019-1069

A file operation validation flaw in the Task Scheduler Service can lead to elevated privileges on a system. This appears to be part of the SandboxEscaper zero-day releases documented by Bleeping Computer.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.

CVE-2019-0973

This vulnerability allows privilege escalation because the Windows Installer can insecurely load libraries due to a failure to properly sanitize input. Successful exploitation would lead to a full compromise of the system. This appears to be part of the SandboxEscaper zero-day releases documented by Bleeping Computer.

Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-june-2019-patch-tuesday/
