Protect your corporate IT network from hackers and other unwanted intruders with Proxy Sentinel™. Click here for all the details and get the peace of mind you deserve.
Back to our Homepage Proxy Sentinel™ high performance Internet proxy server and secure firewall solution Firewall Sentinel™ secure & powerful Internet firewall solution About Internet Security.ca and GCIS Frequently Asked Questions on Internet security issues Internet Security Industry News - Stay informed of what's happening Contact Internet Security.ca today and order your Proxy Sentinel™ or Firewall Sentinel™ server now!

Microsoft releases its June edition of Patch Tuesday

If you need reliability when it comes to SMTP servers, get the best, get Port 587.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.

June 10, 2015

Click here to order the best deal on a HP enterprise dedicated server and at a great price.

As it always does the second Tuesday of the month, Microsoft has released its June edition of Patch Tuesday, its venerable Windows operating system security update.

This month's package includes no less than 8 security bulletins, two rated critical and six rated as important.

Users and system admins are advised to test and install the updates as soon as possible to prevent attacks. Already this morning there's been a few reports of issues with the patches concerning Windows 7 on at least two Asian-made laptops.

1) MS15-056 -- A cumulative patch for Internet Explorer versions 6-11. It addresses 24 CVE-listed security flaws. Rated "critical" for remote code execution risks, but Windows Server installations are considered a lower risk as IE is rarely used with those systems.

Discovery was credited to sixteen researchers, including members of the HP ZeroDay Initiative, NSFOCUS Security Team and Palo Alto Networks.

2) MS15-057 -- A Windows update to address a single flaw in Media Player for Windows Vista and Windows 7 and Windows Server 2003 through 2008 R2. Opening a web page that plays a maliciously crafted video will trigger the bug, which can be exploited to hijack the machine.

The bulletin is rated "critical" for remote code execution. Microsoft credited someone called bitou in spotting the security vulnerability.

3) MS15-059 -- This buletin addresses no less than 3 CVE-listed security vulnerabilities in Microsoft Office Compatibility Service Pack 3, Office 2010, 2013, and 2013 RT. Remote code execution is possible, but the security bulletin is only rated "important" as the user would need to manually open a maliciously crafted Office file.

Discovery was credited to Ben Hawkes of Google Project Zero and Yong Chuan Koh of MWR Labs.

4) MS15-060 -- A remote code execution security issue in the Microsoft Common Controls component for Windows Vista and later, and Windows Server 2008 and later. Clicking on a malicious link and invoking the F12 Developer Tools in Internet Explorer will trigger the bug.

The bulletin has been rated as "important" for all versions.

5) MS15-061 -- A total of eleven CVE-listed security vulnerabilities in the kernel-mode drivers for all Windows systems from Vista and Server 2003 and later. The bulletin is rated as "important" for information disclosure, denial of service attacks and elevation of privilege risks.

Microsoft credited researchers Guo Pengfei of Qihoo 360, KK of Tencent's Xuanwu LAB, Nils Sommer of bytegeist and Google Project Zero, Maxim Golovkin of Kaspersky Lab and the enSilo Research Team for spotting the vulnerabilities.

6) MS15-062 -- An elevation of privilege security vulnerability in the Active Directory Federation Services component for Windows Server 2008, 2008 R2, and 2012. Rated "important" and can cause significant damage to data if not patched soon.

Its discovery was credited to John Hollenberger and Tate Hansen from FishNet Security.

7) MS15-063 -- An elevation of privilege vulnerability in the Windows kernel. The security issue applies to Windows Vista and later, and Windows Server 2008, and later. The bulletin is rated as "important" and replaces MS14-019.

Discovery was credited to Takashi Yoshikawa of Mitsui Bussan of Secure Directions Inc.

8) MS15-064 -- Three elevation of privilege vulnerabilities in Exchange Server 2013. Rated "important" and can cause real issues with email messaging, especially as it concerns Exchange Server.

Infosec's Chris Goettl told us today that there seems to be at least one security patch missing from Tuesday's batch.

"June patches are just releasing and there is a placeholder, but currently there is no MS15-058 security bulletin," Goettl said. "We will have to wait and see if anything comes of this, such as an out of band or a late drop."

Adobe is also releasing a scheduled security update, most likely for this week. Their patch addresses no less than thirteen CVE-listed security vulnerabilities in Flash Player for Windows, OS X and Linux systems.

The update is also being listed as a top priority for all three platforms. Users running AIR Desktop Runtime, AIR SDK and AIR for Android should also update, though those are considered to be a lower risk, according to some in the industry.

Source: Microsoft.

Get a powerful Linux Dual-Core dedicated server for less than $2.67 a day!

Share on Twitter.


Home | Proxy Sentinel™ | Firewall Sentinel™ | FAQ | News | Sitemap | Contact
Copyright © Internet Security.ca    Terms of use    Privacy agreement    Legal disclaimer