June’s Patch Tuesday: fix 96 vulnerabilities on your computer

Microsoft released critical and important updates for Windows

June’s Patch Tuesday: 96 vulnerabilities that have to be fixed on your computer

Microsoft released security patches[1] for 96 security vulnerabilities in Windows operating system, Internet Explorer and Microsoft Edge web browser, Office products, Microsoft Hyper-V, Microsoft Uniscribe, and Windows Graphics.

This month corporation did not forget customers who are still using unsupported versions of Windows, such as Windows XP or Vista. Undoubtedly, this generous act is based on the massive WannaCry attack in the middle of May.[2]

Users who have enabled automatic updates on supported Windows versions have already received their June’s Patch. However, if you use older versions than Windows 8.1 and Windows 10, you should take care of your device immediately and install recent updates.

Special updates for unsupported Windows versions

In order to prevent users from the hazardous WannaCry attack, Microsoft decided to include patches for Windows XP[3] and Vista that hasn’t received any updates or support for years.

The corporation released three critical security updates for Windows XP and Windows Server 2003: KB4025218, KB4024323, and KB4022747. Updates fix Microsoft Windows OLE, RPC, and Remote Desktop Protocol (RDP) vulnerabilities.

These updates should help numerous organizations and institutions that are often to do not pay enough attention or financial resources to use up-to-date software. Therefore, unsupported OS users should hurry up and take advantage of Microsoft’s generosity.[4]

Critical security updates helps to prevent current cyber threats

Microsoft released several critical updates that prevent attackers from taking over the computer via a network connection. The two major security updates fix Windows Search Remote Code Execution (CVE-2017-8543), LNK Remote Code Execution (CVE-2017-8464) and Windows Uniscribe Remote Code Execution (CVE-2017-8527, CVE-2017-8528, and CVE-2017-0283) vulnerabilities.

With the help with these vulnerabilities, creators of the WannaCry managed to exploit Window’s Server Message Block (SMB) flaw[5] and launch a massive cyber attack. Thus, these patches are crucial in ransomware prevention.

June’s patches also provide updates for Windows PDF service. Windows PDF Remote Code Execution Vulnerabilities (CVE-2017-0291, CVE-2017-0292, and CVE-2017-0294) allows the attackers to install malicious code if a user opens a crafted PDF file.

Internet Explorer and Microsoft Edge also received critical security updates. The majority of them covers Scripting Engine Memory vulnerabilities. Microsoft’s browsers also received several important updates that make browsing the Web safer.

Other updates to keep your computer secured

June’s patches also include numerous vulnerabilities that are marked as “important.” Usually, these flaws cannot be used for a direct attack. However, they are often used together with critical vulnerabilities. For instance, infected Microsoft Word files are widely used in ransomware attacks.

Indeed, several of important updates are dedicated for Office products: Microsoft Office Remote Code Execution, Memory Corruption, Security Feature Bypass, etc. These flaws allow attackers to take control over the computer by tricking users into opening a specially crafted MS Office document.

We want to remind that if you disabled automatic updates or they are not available on the OS, you should install them manually. Patches help to protect the computer, data and your privacy from current cyber threats.

About the author
Olivia Morelli
Olivia Morelli - Ransomware analyst

Olivia Morelli is News Editor at 2-Spyware.com. She covers topics such as computer protection, latest malware trends, software vulnerabilities, data breaches, and more.

Contact Olivia Morelli
About the company Esolutions