Microsoft, Adobe and SAP have all released their latest Patch Tuesday batch of security fixes.

Windows admins get ready to test or install the latest patches and security updates released by Microsoft. Fixes for four publicly revealed flaws are included in this month’s updates, but none of them have been exposed being actively misused.

With the announcement of the June 2019 security updates, Microsoft has issued 4 advisories, 1 servicing stack update, and updates for 88 flaws, with 21 being termed as Critical. Some of the advisories include restructured drivers and software that fix flaws in 3rd-party hardware and software, such as Adobe Flash Player.

On the other hand, Adobe repaired serious command injection, file extension blacklist bypass and deserialization issues that can result in random code implementation.

The flaws were reported to the software behemoth by Badcode of Knownsec 404 Team, Moritz Bechler of SySS GmbH, and Brenden Meeder of Booz Allen Hamilton. They influence ColdFusion 2016, 2018 and 11, and distinct updates have been issued for each version.

The company also apprised users that distant access to the Adobe LiveCycle Data Management feature has been disabled by default due to security risks.

Security experts are also reported to have caught a flaw, CVE-2019-0941, a denial-of-service susceptibility in Microsoft’s IIS web server that would possibly let an attacker to exhaust the service by maltreating the software’s request filtering feature.

And for those running SAP platforms, June brings with it 11 security notes, including Note 2748699 stating an information revelation virus in Solution Manager that could let an attacker produce new privileged accounts and Note 2637997, a cross-site scripting flaw in BusinessObjects.

“A remote unauthenticated attacker could craft a malicious URL capable of running arbitrary JavaScript code in the victim’s web browser, potentially allowing the attacker to have administrative access,” explained Sebastian Bortnik, director of research with Onapsis, a security company specializing in tools and services for SAP.

If you are updating your Adobe, SAP or Microsoft software, you ought to always check mobile devices for the latest Android security updates posted last week.

Leave a Reply

Your email address will not be published. Required fields are marked *