For this June Patch Tuesday, we won’t see an update to Adobe Flash from Microsoft, but we may see an update from Adobe later this month. With 16 updates for June, we already have enough to worry about. Microsoft has released five critical updates and the remaining 11 patches are rated as important, covering a total of 44 vulnerabilities.
This month looks like a pretty straightforward update cycle, with some very targeted updates from Microsoft which should have a low to moderate risk for deployment.
MS16-063 — Critical
MS16-068 — Critical
MS16-069 — Critical
MS16-070 — Critical
MS16-070 attempts to address four privately reported memory-handling vulnerabilities in Microsoft Office that, if left unpatched, could lead to a remote code execution scenario for all currently supported versions, including server and Web App components. This is another standard patch for your normal update plan, but note that some servers will require a restart.
MS16-071 — Critical
MS16-071 is the final critical update for this June update cycle. This fix addresses a single, privately reported remote code execution vulnerability in the Microsoft DNS Server component that only applies to Windows Server 2012 R2. Add this update to your standard server patch effort.
MS16-072 — Important
The first important update from Microsoft is MS16-072. It addresses a single, privately reported vulnerability that affects all currently supported versions of Windows (including Server Core) and that, if left unpatched, could lead to a man-in-the-middle type attack. The payload for this update appears to be low risk, so add this patch to your standard update process.
MS16-073 — Important
MS16-073 is an update to the kernel mode driver patch we saw in May with MS16-062. If left unpatched, three privately reported vulnerabilities could lead to an elevation of privilege security scenario that could affect all currently supported versions of Windows (desktop and server).
Although this update only replaces a single file (Win32k.sys), it is a vital system component. However, with the relatively lower associated risk of these reported vulnerabilities, I suggest waiting a short while before full production deployment.
MS16-074 — Important
MS16-074 is really a combined update of two previous GDI and Adobe Font handling issues (MS16-026 and MS16-055) released early this year. This latest update attempts to address three privately reported vulnerabilities that at worst could lead to an elevation of privileges scenario (only for the logged-on user). This patch affects all currently supported versions of Windows and, due to its low-level nature, could affect a number of applications. We have seen updates to the Adobe font manager cause a number of BSOD issues with patches over the years, so it may be prudent to wait a few days before full production roll-outs.
MS16-075 — Important
MS16-075 addresses a single privately reported vulnerability in the Windows Shared Folders (SMB) Server that applies to all currently supported versions of Windows and could lead to an elevation of privilege scenario if -- and only if -- a user logs onto the target system and executes a specially crafted application. Add this update to your standard patch deployment effort.
MS16-076 — Important
MS16-077 — Important
MS16-077 attempts to address two reported vulnerabilities (one publicly reported) in the Web Proxy Auto Discovery (WPAD) protocol. This patch is also an update to two previous Windows 10 cumulative updates (3156387 and 3156421).
MS16-078 — Important
MS16-078 is solely a Windows 10 update and it addresses a single, privately reported vulnerability in the Windows Diagnostic Hub (the new Windows 10 telemetry app). Add this to your standard Windows 10 deployment effort.
MS16-079 — Important
MS16-079 addresses a single privately reported vulnerability in how the Oracle Outside In technology handles memory in Microsoft Exchange. This update may change how the online web service (OWA) behaves and therefore may require some additional testing before deployment in larger OWA environments.
MS16-080 — Important
MS16-080 addresses three privately disclosed vulnerabilities in the Windows PDF stack. This patch only applies to Windows 8.x, Server 2012 Rx and Windows 10. Add this update to your standard patch deployment effort.
MS16-081 — Important
MS16-081 addresses a single privately reported issue in Microsoft Active Directory which could lead to a denial of service scenario. Add this update to your standard patch effort.
MS16-082 — Important
MS16-082 addresses a single privately reported issue in the desktop and server versions of Windows Search. This Microsoft patch updates a single file (Structuredquery.dll), a change that should have a minimal impact on your application portfolio. Add this update to your standard patch deployment effort.
This article is published as part of the IDG Contributor Network.