System administrators from all over the world know what the second Tuesday of the month brings: the regularly scheduled bounty of patches from Microsoft and other vendors. Because June started on a Wednesday, this month’s Patch Tuesday was on June 14, which is the latest it can be in any given month.
This month’s volume of patches doesn’t differ too much from May’s. This month’s fixes are in sixteen bulletins, with five rated critical. Three of the critical bulletins cover cumulative updates in Internet Explorer, Edge, and the JScript/VBScript scripting engines. A fourth bulletin covers multiple vulnerabilities in Microsoft Office. The fifth one might be the most serious in this month’s bulletins: MS16-071 it patches a flaw in the Windows DNS Server that could allow arbitrary code execution on the affected machine if it receives a specially crafted DNS request.
Frequently Adobe also releases updates on Patch Tuesday. While they did so for some of their products, Flash and Acrobat/Reader were not among them. However, they did release a security advisory (APSA16-03) which noted that a new Flash vulnerability (CVE-2016-4171) was in use in “limited, targeted attacks”. They indicated a fix may be available as early as June 16.
Users are highly recommended to apply all these patches as soon as possible.
Trend Micro solutions
- 1007657—Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3210)
- 1007661—Microsoft Edge Scripting Engine Memory Corruption Vulnerability (CVE-2016-3199)
- 1007698—Microsoft Windows ATMFD.DLL Elevation Of Privilege Vulnerability (CVE-2016-3220)
- 1007652—Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0199)
- 1007656—Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3207)
- 1007653—Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2016-0200)
- 1007664—Microsoft Windows PDF Information Disclosure Vulnerability (CVE-2016-3201)
- 1007662—Microsoft Edge Memory Corruption Vulnerability (CVE-2016-3222)
- 1007659—Microsoft Windows PDF Information Disclosure Vulnerability (CVE-2016-3215)
- 1007665—Microsoft Windows PDF Remote Code Execution Vulnerability (CVE-2016-3203)
- 1007668—Microsoft Windows Graphics Component Information Disclosure Vulnerability (CVE-2016-3216)
- 1007654—Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3205)
- 1007666—Microsoft Office Memory Corruption Vulnerability (CVE-2016-3233)
- 1007655—Microsoft Internet Explorer Scripting Engine Memory Corruption Vulnerability (CVE-2016-3206)
- 1007660—Microsoft Edge Security Feature Bypass Vulnerability (CVE-2016-3198)
- 1007667—Microsoft Office Information Disclosure Vulnerability (CVE-2016-3234)
- 1007663—Microsoft Office Memory Corruption Vulnerability (CVE-2016-0025)
Update as of June 16, 2016, 5:00 PM (UTC-7)
Adobe has now released the promised update for Adobe Flash Player. Details can be found in their security bulletin APSB16-18. The newest version for most users is now 220.127.116.11.