Microsoft Security Updates: June 2018

File Attachment: June-2018

June’s Patch Tuesday is lighter weight compared to previous months. In all, 51 unique CVEs are addressed, with 11 CVEs marked as Critical. Adobe also released an out-of-band update for a Flash Player vulnerability last week, which is being actively exploited.

Speculative Store Bypass
Microsoft released patches for Speculative Store Bypass, also known as Spectre Variant 4. These patches enable Speculative Store Bypass Disable (SSBD) for Intel processors. New Intel microcode will be required to be fully protected against Variant 4.

Windows DNSAPI
Patches were released for vulnerabilities in the Windows DNSAPI. This could allow an attacker to compromise a system through a malicious DNS server. Mobile workstations that may connect to untrusted wifi are at high risk and this patch should be a priority for them.

HTTP Protocol
A critical flaw in Microsoft’s HTTP.sys is also fixed in this release. HTTP.sys is a kernel-mode protocol listener that is used by IIS and various services in Windows. An attacker exploiting this vulnerability could obtain full control of an impacted system. This patch should be prioritized for all Windows systems, servers and desktops.

Browsers and Scripting Engine
The other critical Microsoft patches are primarily for browsers, the Windows Scripting Engine, and Windows Media Foundation. These patches should be prioritized for workstation-type devices.

Adobe
Adobe released an out-of-band update for a Flash Player vulnerability last week. This vulnerability is being actively exploited according to Adobe, and should be prioritized for workstation-type devices. In May, another out-of-band update was released for Adobe Reader, which also has a publicly available exploit. This patch should also be prioritized for impacted workstations.

Executive Summary

Microsoft released security updates for all client and server operating systems that are supported by the company.
All versions of Windows are affected by at least one critical security vulnerability.
Support for Speculative Store Bypass Disable (SSBD) was added but is not enabled by default.
Microsoft released security updates for the following products as well: Internet Explorer, Microsoft Edge, Microsoft Office, Adobe Flash Player.

Operating System Distribution

Windows 7: 9 vulnerabilities of which 2 are rated critical and 7 important.
Windows 8.1: 8 vulnerabilities of which 2 are rated critical and 6 important.
Windows 10 version 1607: 25 vulnerabilities of which 4 are rated critical and 21 important.
Windows 10 version 1703: 25 vulnerabilities of which 3 are rated critical and 22 important.
Windows 10 version 1709: 27 vulnerabilities of which 4 are rated critical and 23 important.
Windows 10 version 1803: 26 vulnerabilities of which 4 are rated critical and 22 important.

Windows Server products

Windows Server 2008 R2: 9 vulnerabilities which 2 are rated critical and 7 important.
Windows Server 2012 and 2012 R2: 8 vulnerabilities which 2 are rated critical and 6 important.
Windows Server 2016: 24 vulnerabilities of which 4 are rated critical and 22 important.

Other Microsoft Products

Internet Explorer 11: 4 vulnerabilities, 2 critical, 2 important
Microsoft Edge: 7 vulnerabilities, 3 critical, 4 important

Direct update downloads

Updates for all supported versions of Windows may also be downloaded from the Microsoft Update Catalog website.

Windows 7 SP1 and Windows Server 2008 R2 SP

KB4284826 -- 2018-06 Security Monthly Quality Rollup for Windows 7
KB4284867 — 2018-06 Security Only Quality Update for Windows 7

Windows 8.1 and Windows Server 2012 R2

KB4284815 — 2018-06 Security Monthly Quality Rollup for Windows 8.1
KB4284878 — 2018-06 Security Only Quality Update for Windows 8.1

Windows 10 and Windows Server 2016 (version 1607)

KB4284880 — 2018-06 Cumulative Update for Windows 10 Version 1607

Windows 10 (version 1703)

KB4284874 — 2018-06 Cumulative Update for Windows 10 Version 1703

Windows 10 (version 1709)

KB4284819 — 2018-06 Cumulative Update for Windows 10 Version 1709

Windows 10 (version 1803)

KB4284835 — 2018-06 Cumulative Update for Windows 10 Version 1709

Microsoft Security Updates: June 2018

Categories

Labtech

Mac Agent Functionality Within ConnectWise Automate

ConnectWise RMM vs Automate: Should I be using CW RMM?

ConnectWise Automate on Linux – Best Practices

ConnectWise Automate Maintenance Mode Explained Best Practice

Uninstalling and Offboarding Automate Agents

How to Set Up Automate users to use ConnectWise SSO

Windows 10 Build Upgrades are Inevitable - Use Kaseya/ConnectWise Automate to Deploy

Best Practice Naming of Patching Groups

Automate 12 Patch 9 Now Available!

5 Tips for using the Report Center

Business Continuity

Proactive Maintenance

Kaseya

What Should I be Automating in Kaseya VSA 9.5?

Security Best Practices for Kaseya VSA

Kaseya VSA: Software Management vs. Patch Management

Software Management Enhancements

Two-Factor Authentication in Kaseya VSA

Windows 7 & Windows 10 Multiple Builds End of Life – Upgrade Using Kaseya or ConnectWise Automate

Kaseya Network Monitor: Benefits & Features

Kaseya Patch 9.5.0.22 and Future Updates

Kaseya's New State-of-the-Art Contemporary User Interface

Kaseya Product Release - April '19

Datto

Creating & Implementing a Disaster Recovery Plan

Disaster Recovery – Minimizing Impact of Downtime

Updating a Datto Device

Datto Agent Communication Errors

Datto

StorageCraft

Get in touch today for MSP Centralized Services