Microsoft is treating its next Patch Tuesday like a level in Serious Sam where it emerges with guns blazing. Only in this case, instead of taking out extraterrestrials who are intent on destroying all of humanity, Microsoft’s mission is to neutralize more bugs than ever before. More specifically, the Patch Tuesday for June will address a record 94 vulnerabilities across multiple versions of Windows.
One thing we have seen from Microsoft lately is patches for Windows XP, even though it’s officially a defunct operating system (at least for consumers). We saw this with the WannaCry ransomware outbreak, and again more recently with Microsoft taking a preemptive step to secure Windows XP from future attacks by copycats or others who might want to exploit the unsupported OS in a similar manner.
This month’s Patch Tuesday will include security fixes for both Windows XP and Windows Vista, the latter of which is also officially unsupported at this point in the game.
“Microsoft is announcing the availability of additional guidance for critical security updates, that are at heightened risk of exploitation due to past and threatened nation-state attacks and disclosures. Some of the releases are new, and some are for older platforms that we are making publicly available today,” Microsoft stated in a security advisory.
Among the extensive list of patches are several that address the risk of remote exploitation. Each of these is labeled as Critical, and each could allow a remote attacker to gain control of a vulnerable system if left unpatched. Here is Microsoft’s description of a vulnerability it identified in the Server service:
“This security update resolves a privately reported vulnerability in the Server service. The vulnerability could allow remote code execution if an affected system received a specially crafted RPC request. On Microsoft, Windows XP and Windows Server 2003 systems, an attacker could exploit this vulnerability without authentication to run arbitrary code. It is possible that this vulnerability could be used in the crafting of a wormable exploit.”
Also among the updates are a dozen patches for Adobe Flash Player flaws that could lead to arbitrary code execution on a compromised system through Chrome, Microsoft Edge, and Internet Explorer 11, as well as 32 fixes for IE and Edge, 10 of which are rated Critical.