Tuesday, June 25, 2019
  • Cybersecurity Surprises In The Verizon Data Breach Investigations Report
  • The Road to AWS reInforce 2019 – Unique Perspective from a Customer
  • Achieving a Managed State Model For Your Software Supply Chain
  • 15 Small Business Cyber Security Statistics That You Need to Know
  • XKCD, Stack

Security Boulevard

The Home of the Security Bloggers Network

Community Chats Webinars Library
  • Home
    • Cybersecurity News
    • Features
    • Industry Spotlight
    • News Releases
  • Security Bloggers Network
    • Latest Posts
    • Contributors
    • Syndicate Your Blog
    • Write for Security Boulevard
  • Webinars
    • Upcoming
    • On-Demand
  • Chat
    • Security Boulevard Chat
    • Marketing InSecurity Podcast
  • Library

  • Analytics
  • AppSec
  • CISO
  • Cloud
  • DevOps
  • GRC
  • Identity
  • Incident Response
  • IoT / ICS
  • Threats / Breaches
  • More
    • Blockchain / Digital Currencies
    • Careers
    • Cyberlaw
    • Mobile
    • Social Engineering
  • Humor
Security Bloggers Network 

Home » Security Bloggers Network » VERT Threat Alert: June 2019 Patch Tuesday Analysis

VERT Threat Alert: June 2019 Patch Tuesday Analysis

by Tyler Reguly on June 11, 2019

Today’s VERT Alert addresses Microsoft’s June 2019 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-835 on Wednesday, June 12th.

In-The-Wild & Disclosed CVEs

CVE-2019-1053

An issue where Windows Shell fails to properly validate folder shortcuts could lead to sandbox escape. The attacker would require the ability to execute code on the system to exploit this vulnerability. This appears to be the SandboxEscaper IE 11 Sandbox Escape documented by Bleeping Computer.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.

CVE-2019-1064

An attacker who is logged into a system could take advantage of a flaw in the Windows AppX Deployment Service (AppXSVC) to gain control of an impacted system. This flaw exists due to AppXSVC failing to properly handle hard links. This appears to be part of the SandboxEscaper zero-day releases documented by Bleeping Computer.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.

CVE-2019-1069

A file operation validation flaw in the Task Schedule Service can lead to elevated privileges on a system. This appears to be part of the SandboxEscaper zero-day releases documented by Bleeping Computer.

Microsoft has rated this as a 1 (Exploitation More Likely) on the Exploitability Index.

CVE-2019-0973

This vulnerability allows privilege escalation because the Windows Installer can insecurely load libraries due to a failure to properly sanitize input. Successful exploitation would lead to a full compromise of the system. This appears to be part of the SandboxEscaper zero-day releases documented by Bleeping Computer.

Microsoft has rated this as a 2 (Exploitation Less Likely) on the Exploitability Index.

CVE Breakdown by Tag

While historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag (Read more...)

*** This is a Security Bloggers Network syndicated blog from The State of Security authored by Tyler Reguly. Read the original post at: https://www.tripwire.com/state-of-security/vert/vert-june-2019-patch-tuesday/

June 11, 2019June 11, 2019 Tyler Reguly 0 Comments VERT
  • ← Phishing Email Examples: The best & worst
  • Luke Kingma and Lou Patrick-Mackay’s Futurism: “Blenders” →

Subscribe to our Newsletters

Get breaking news, free eBooks and upcoming events delivered to your inbox.
  • View Security Boulevard Privacy Policy

Most Read on the Boulevard

Who’s Responsible for a Cloud Breach? It Depends
Zero Trust: 3 Things to Consider
Is the Insurance Loophole the Newest Threat Vector?
Huge Ransomware FUBAR at Florida Beach Town
The Legality of Waging War in Cyberspace
Circle City Con 2019, Lisa Wallace’s ‘Beginning DFIR: How To Get Started With Cooties’
Designing a more secure future for the IoT
50 of the Best DevOps Podcasts
How organisations can effectively manage, detect and respond to a data breach?
Microsoft Group Policy Objects (GPO) Replacement

Upcoming Webinars

Thu 27

Demystifying PCI Software Security Framework: All You Need to Know for Your AppSec Strategy

June 27 @ 11:00 am - 12:00 pm
Jul 31

Get Your Secure Development Initiatives in Shape: a 30, 60, 90-day Approach

July 31 @ 11:00 am - 12:00 pm

More Webinars

Download Free eBook

Q1 2019 Report: Email Fraud & Identity Deception Trends

Recent Security Boulevard Chats

  • Cloud, DevSecOps and Network Security, All Together?
  • Security-as-Code with Tim Jefferson, Barracuda Networks
  • ASRTM with Rohit Sethi, Security Compass
  • Deception: Art or Science, Ofer Israeli, Illusive Networks
  • Tips to Secure IoT and Connected Systems w/ DigiCert

Industry Spotlight

Vendor Risk Management: The Secret Ingredient
Cybersecurity Governance, Risk & Compliance Industry Spotlight Security Boulevard (Original) 

Vendor Risk Management: The Secret Ingredient

June 24, 2019 Marc Lotti | Yesterday 0
Is the Insurance Loophole the Newest Threat Vector?
Cybersecurity Incident Response Industry Spotlight Security Boulevard (Original) 

Is the Insurance Loophole the Newest Threat Vector?

June 21, 2019 Jeff Costlow | 3 days ago 0
Who’s Responsible for a Cloud Breach? It Depends
Cloud Security Cybersecurity Industry Spotlight Security Boulevard (Original) 

Who’s Responsible for a Cloud Breach? It Depends

June 20, 2019 Scott Gordon | 4 days ago 0

Top Stories

U.S. Cyber Has Hacked Iranian Missile C&C, Say Super-Secret Sources
Cybersecurity Data Security Featured Incident Response News Security Boulevard (Original) Social Engineering Spotlight Threats & Breaches 

U.S. Cyber Has Hacked Iranian Missile C&C, Say Super-Secret Sources

June 24, 2019 Richi Jennings | Yesterday 0
Huge Ransomware FUBAR at Florida Beach Town
Cybersecurity Data Security Featured Governance, Risk & Compliance Incident Response Malware News Security Boulevard (Original) Spotlight Threats & Breaches 

Huge Ransomware FUBAR at Florida Beach Town

June 21, 2019 Richi Jennings | 3 days ago 0
Threat Stack Embeds Application Security Monitoring Tool
Cybersecurity DevOps Featured News Security Boulevard (Original) Spotlight 

Threat Stack Embeds Application Security Monitoring Tool

June 19, 2019 Michael Vizard | Jun 19 0

Security Humor

via the comic delivery system monikered Randall Munroe at XKCD !

XKCD, Stack

Join the Community

  • Add your blog to Security Bloggers Network
  • Write for Security Boulevard
  • Bloggers Meetup and Awards
  • Ask a Question
  • Email: info@securityboulevard.com

Useful Links

  • About
  • Media Kit
  • Sponsors Info
  • Copyright
  • TOS
  • Privacy Policy

Other Mediaops Sites

  • Container Journal
  • DevOps.com
  • DevOps Connect
  • DevOps Institute
Copyright © 2019 MediaOps Inc. All rights reserved.

WAF Signal Sciences application firewall security

Our website uses cookies. By continuing to browse the website you are agreeing to our use of cookies. For more information on how we use cookies and how you can disable them, please read our Privacy Policy.