Microsoft has announced its Patch Tuesday updates for June, and this month’s list of patches comes with 50 security fixes. Thankfully there are no Windows zero-day fixes this month, but Microsoft has patched CVE-2018-8267, a remote code execution vulnerability that was publicly disclosed last week. Here’s more information on what to look out for after this month’s Patch Tuesday.
Microsoft Patch Tuesday June 2018 security updates
This month’s Patch Tuesday security updates cover the following Microsoft products:
Microsoft Office Services and Web Apps
Critical patch updates
Out of the 50 security vulnerability fixes announced by Microsoft, 11 are labeled critical. Ignoring these vulnerabilities could open your enterprise up to memory corruption, remote code execution, and denial of service attacks, so it’s important to implement these new patches as soon as possible.
Adobe Flash Player updates
Adobe has released one critical Flash Player vulnerability fix this June, ADV180014. This security update addresses the following vulnerabilities: CVE-2018-4945, CVE-2018-5000, CVE-2018-5001, and CVE-2018-5002. Patching these vulnerabilities can save you from threats like arbitrary code execution and information disclosure.
This Patch Tuesday, Microsoft also released non-security updates for Office 2013 and Office 2016. View the entire list of non-security updates for the month of June.
In addition to releasing the regular Patch Tuesday updates, Microsoft has also published KB4338110, a security advisory that tells coders how to avoid creating applications that are vulnerable to a padding oracle attack via the Cipher-Block-Chaining (CBC) mode of symmetric encryption algorithms. Applications developed with this flaw can allow attackers to decrypt and tamper with encrypted data without having to know the encryption key. More concerning, this flaw can be used both locally and in network-based attacks.
Install Patch Tuesday updates using automated deployment
Automated patch deployment can come in handy if you’re deploying these latest Microsoft patches to more than 10 endpoints in your network. And with new patches coming out every month, the best way to eliminate cyber threats and keep your organization’s systems up-to-date is to schedule the automated deployment of Microsoft and non-Microsoft patches. You can download a 30-day free trial of either Desktop Central or Patch Manager Plus to start automating patch deployment.