Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Roundup for Microsoft's June 2019 Patch Tuesday

The SandboxEscaper privilege escalation bugs are among the nearly 90 vulnerabilities patched in Microsoft’s June 2019 Security Updates. Here’s what you need to know.

Microsoft’s June 2019 Security Updates have been released, with nearly 90 vulnerabilities patched in this update, 21 of which are critical.

SandboxEscaper Privilege Escalation Bugs Patched

This month’s release contains fixes for the four local privilege escalation zero-day vulnerabilities disclosed by SandboxEscaper at the end of May 2019.

CVE-ID Description Vulnerability Name
CVE-2019-1069 Addresses an elevation of privilege vulnerability in the way the Task Scheduler Service validates file operations. bearlpe
CVE-2019-0973 Addresses an elevation of privilege vulnerability in the Windows Installer due to insufficient sanitization of inputs. InstallerBypass
CVE-2019-1064 Addresses an elevation of privilege vulnerability that affects how Windows AppX Deployment Service (AppXSVC) handles hard links. This vulnerability addresses the bypass of CVE-2019-0841, which was patched in the April Patch Tuesday release. CVE-2019-0841 BYPASS
CVE-2019-1053 Addresses an elevation of privilege vulnerability in Windows Shell, which impacts how it validates folder shortcuts. Sandbox Escape in Internet Explorer 11

CVE-2019-0888 | ActiveX Data Objects (ADO) Remote Code Execution Vulnerability

An ActiveX vulnerability (CVE-2019-0888) was discovered that could allow an attacker to run code on the victim’s machine if said victim visited a malicious website.

If your organization blocks ActiveX objects from running in your user’s browsers, that would prevent this vulnerability from being exploited, but we always recommend applying patches ASAP.

CVE-2019-1019 | Microsoft Windows Security Feature Bypass Vulnerability

A vulnerability in the NETLOGON service (CVE-2019-1019) would allow a man-in-the-middle attack to obtain session keys from a user’s logon session, and log into the same target machine as the legitimate user.

Tenable Solutions

Users can create scans that focus specifically on our Patch Tuesday plugins. From a new advanced scan, in the plugins tab, set an advanced filter for Plugin Name Contains June 2019.

Microsoft June 2019 Security Update Patch Tuesday Tenable Plugins

With that filter set, click on the plugin families to the left, and enable each plugin that appears on the right side. Note that if your families on the left say Enabled then that means all of the plugins in that family are set. Disable the whole family before selecting the individual plugins for this scan. Here’s an example from Tenable.io:

Microsoft June 2019 Security Updates Patch Tuesday Tenable.io plugins

A public list of all of the plugins for Tenable’s June 2019 Patch Tuesday update can be found here as they're released.

Learn more:

Subscribe to the Tenable Blog

Subscribe
Try for Free Buy Now

Try Tenable.io

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275.00

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 60 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578.00

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 60 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.