Microsoft issued its June 2018 Security Updates, which include 51 unique vulnerability fixes, 11 of them rated critical. The updates address multiple Microsoft products, including Windows, Internet Explorer, Edge, Office, Office Services and Web Apps, ChakraCore and Adobe Flash.
Microsoft also released guidance for a new subclass of speculative execution side-channel vulnerabilities, Speculative Store Bypass, also known as Spectre Variant 4. These patches enable Speculative Store Bypass Disable (SSBD) for Intel processors, but they require corresponding microcode/firmware and registry updates to function.
One of the critical vulnerabilities fixed in this month’s patch updates is the Windows DNSAPI Remote Code Execution Vulnerability (CVE-2018-8225). A remote code execution (RCE) vulnerability exists in the Windows Domain Name System (DNS) DNSAPI.dll when it fails to properly handle DNS responses.
Microsoft also released a patch to address a critical HTTP Protocol Stack Remote Code Execution Vulnerability (CVE-2018-8231). An RCE vulnerability exists when the HTTP Protocol Stack (Http.sys) improperly handles objects in memory.