Microsoft Patches Four Publicly-Known Vulnerabilities (Jun 11, 2019)
This month, Microsoft has released patches for 88 vulnerabilities including four previously known bugs. Out of the 88 patches, 21 were rated critical, 66 important, and one moderate. While there no reports of exploitation of the vulnerabilities, they include bugs such as allowing Elevation of Privilege on an affected machine. Two patches included for remote code execution vulnerability in Microsoft Word on both Windows and Mac. Other vulnerabilities patched affect SharePoint that could enable an attacker to change permissions, delete content, place malicious content and read unauthorized content.
Recommendation: The security update should be applied as soon as possible because of the high criticality rating of these vulnerabilities and for the potential for an actor to exploit them. Additionally, your company should have policies in place to review and apply security updates for software in use to protect against known vulnerabilities that threat actors may exploit.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.