
VERT Threat Alert: June 2019 Patch Tuesday Analysis

by Tyler Reguly on June 11, 2019

Today’s VERT Alert addresses Microsoft’s June 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-835 on Wednesday, June 12th.


In-The-Wild & Disclosed CVEs

CVE-2019-1053

An issue where Windows Shell fails to properly validate folder shortcuts could lead to sandbox escape. The attacker would require the ability to execute code on the system to exploit this vulnerability. This appears to be the SandboxEscaper IE 11 Sandbox Escape documented by Bleeping Computer.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.

CVE-2019-1064

An attacker who is logged into a system could take advantage of a flaw in the Windows AppX Deployment Service (AppXSVC) to gain control of an impacted system. This flaw exists due to AppXSVC failing to properly handle hard links. This appears to be part of the SandboxEscaper zero-day releases documented by Bleeping Computer.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.

CVE-2019-1069

A file operation validation flaw in the Task Scheduler Service can lead to elevated privileges on a system. This appears to be part of the SandboxEscaper zero-day releases documented by Bleeping Computer.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.

CVE-2019-0973

This vulnerability allows privilege escalation because the Windows Installer can insecurely load libraries due to a failure to properly sanitize input. Successful exploitation would lead to a full compromise of the system. This appears to be part of the SandboxEscaper zero-day releases documented by Bleeping Computer.

Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-june-2019-patch-tuesday/
