Patch Tuesday June 2017

June 15, 2017

Microsoft Patch Tuesday June 2017 addresses 96 unique vulnerabilities within Microsoft Windows, Office, Skype, Internet Explorer, and the Edge browser. Of these vulnerabilities, 18 are rated Critical, 76 Important, one Moderate, and one Low severity. In addition, unsupported OSes received patches due to heightened risk of exploitation, making this Patch Tuesday particularly interesting.

Silverlight

Silverlight makes a return this Patch Tuesday, with a vulnerability that allows for remote code execution if a user visits a compromised website. The vulnerability revolves around how the Uniscribe component handles objects in memory, and an attacker who successfully exploits the vulnerability could potentially install programs; view, change or delete user data; or create user accounts with full privileges. This vulnerability is rated Critical by Microsoft.

Windows Search

Windows Search is an unusual face on Patch Tuesday, as it appears with a vulnerability that could allow for information disclosure or remote code execution. The vulnerability deals with the corruption of memory objects when Windows Search is supplied with malicious input. An attacker who successfully exploits this vulnerability could potentially install programs; view, change or delete user data; or create user accounts with full privileges equal to that of the victim user. This vulnerability is rated Critical by Microsoft.

Windows Kernel

The Windows Kernel was patched for multiple Information Disclosure vulnerabilities. While these vulnerabilities themselves do not compromise the victim system, they do provide information that could aid an attacker’s ongoing compromise of a system. As usual, the vulnerabilities involve improper initialization of objects in kernel memory. Microsoft rated these vulnerabilities as Important.

Office

It wouldn’t be a Patch Tuesday without discussing Office; however, this Patch Tuesday introduces a particularly large number of fixes for Office. These vulnerabilities could allow an attacker to execute code remotely on the victim’s system with privileges equal to that of the victim user. This serves as a persistent reminder to be cautious about opening documents from untrusted sources. Microsoft rates these vulnerabilities as Important.

Skype

Skype makes an appearance this Patch Tuesday with a vulnerability that allows for remote code execution if a user is lured into viewing malicious content. Like Silverlight, the vulnerability revolves around how the Uniscribe component handles objects in memory, and an attacker who successfully exploits the vulnerability could potentially install programs; view, change or delete user data; or create user accounts with full privileges. This vulnerability is rated Critical by Microsoft.

Internet Explorer and Edge

Microsoft’s web browsers make their usual appearance, hosting multiple memory corruption vulnerabilities. An attacker who exploits these vulnerabilities by luring the user to view malicious content would be able to remotely execute commands on the victim’s system, view memory contents, and create user accounts with privileges equal to that of the victim user. Microsoft rates the most severe of these vulnerabilities as Critical.

Graphics

Windows Graphics was patched for a remote code execution vulnerability. The vulnerability stems from the Windows font library improperly processing embedded fonts. An attacker who successfully exploits this vulnerability could take control of the affected system with privileges equal to that of the victim user. Microsoft has rated this vulnerability as Critical.

Legacy OS Patches

In an unusual twist, Microsoft released patches for legacy OSes – such as Windows XP, Vista, Server 2003, and Windows 8 – to address the most severe vulnerabilities suspected to be leveraged by state-sponsored attackers. Microsoft makes it clear that this will not be a change in policy about any OS they consider unsupported. They are releasing this patch to shore up the Internet’s overall security for users who cannot or refuse to update to supported operating systems. While these patches do resolve some vulnerabilities, there are still numerous vulnerabilities on these legacy systems that remain unpatched. Users should still upgrade to a supported operating system, if possible.

Author, BeyondTrust Research Team
