12
Jun 18

Microsoft Patch Tuesday, June 2018 Edition

Microsoft today pushed out a bevy of software updates to fix more than four dozen security holes in Windows and related software. Almost a quarter of the vulnerabilities addressed in this month’s patch batch earned Microsoft’s “critical” rating, meaning malware or miscreants can exploit the flaws to break into vulnerable systems without any help from users.

Most of the critical fixes are in Microsoft browsers or browser components. One of the flaws, CVE-2018-8267, was publicly disclosed prior to today’s patch release, meaning attackers may have had a head start figuring out how to exploit the bug to attack Internet Explorer users.

According to Recorded Future, the most important patched vulnerability is a remote code execution vulnerability in the Windows Domain Name System (DNS), which is present in all versions of supported versions of Windows from Windows 7 to Windows 10 as well as all versions of Windows Server from 2008 to 2016.

“The vulnerability allows an attacker to send a maliciously crafted DNS packet to the victim machine from a DNS server, or even send spoofed DNS responses from attack box,” wrote Allan Liska, a threat intelligence analyst at Recorded Future. “Successful exploitation of this vulnerability could allow an attacker to take control of the target machine.”

Security vendor Qualys says mobile workstations that may connect to untrusted Wi-Fi networks are at high risk and this DNS patch should be a priority for them. Qualys also notes that Microsoft this month is shipping updates to mitigate another variant of the Spectre vulnerability in Intel machines.

And of course there are updates available to address the Adobe Flash Player vulnerability that is already being exploited in active attacks. Read more on that here.

It’s a good idea to get in the habit of backing up your computer before applying monthly updates from Microsoft. Windows has some built-in tools that can help recover from bad patches, but restoring the system to a backup image taken just before installing the updates is often much less hassle and an added peace of mind when you’re sitting there praying for the machine to reboot after patching.

This assumes you can get around to backing up before Microsoft decides to patch Windows on your behalf. Microsoft says by default, Windows 10 receives updates automatically, “and for customers running previous versions, we recommend they turn on automatic updates as a best practice.” Microsoft doesn’t make it easy for Windows 10 users to change this setting, but it is possible.

For all other Windows OS users, if you’d rather be alerted to new updates when they’re available so you can choose when to install them, there’s a setting for that in Windows Update.

As always, if you experience any problems installing any of these updates, please leave a note about your issues in the comments below.

Additional reading:

Cisco Talos Intelligence blog take

The Zero Day Initiative’s Security Update Review

SANS Internet Storm Center

Microsoft Security Update Guide

Tags: , , , , ,

36 comments

  1. The Sunshine State

    I continue to have issues with Windows 7 SP1 with the security Monthly rollup’s I have to download and install the Office updates first, reboot and then hope and prey the Monthly rollup installs properly

    The firewall Intrusion Protection didn’t help either blocking the security updates from the start DOH !

    2018-06 Security Monthly Quality Rollup for Windows 7 for x64-based Systems (KB4284826)

  2. At the White House….
    http://www.usprotech.com/us-protech-meets-white-house-administration-staff-private-briefing/

    Our CDM Security Application Slide Deck is here: http://www.anamo.io

    I’d like to understand if you would critique a product and how a company could compensate you for your effort.

    Would you like to have a conversation?

    Thank you,
    Jonathan

  3. Is the image backup that comes with windows 10 these days reliable? Or do you recommend a 3rd party version?

    • I’ve only just begun trying Windows image backup lately; so I can’t vouch for it yet – but Macrium Reflect has never let me down in I don’t know how many disasters.

      The problem was that you couldn’t compress the image, in the first versions of the Windows backup; but now, that isn’t as much of a problem, as people have huge drive space for any backup task. Hopefully Windows 10 has image compression ability by now.

  4. Considering the problem of Evil Twin wifi networks, the DNS attack is very concerning.

    Qualys says untrusted Wi-Fi networks are high risk, but so is connecting to a network you *believe* is trusted, but is fake.

  5. Barbara A Nelson

    since the update received June 11, 2018 I receive an error message indicating that there is a problem with my computer and needs to restart. In the message window there is verbiage that indicates to go to windows/stopcode to unistall, but don’t know what to install. It also indictates that if I call for support to mention the following message but the window is not open long enough for me to write it down. I happens after the laptop has gone into sleep mode or when I click on the down arrow to open all the tabs I am using.

    • You have a virus.

    • We seen a similar issue with updates recently on Windows 10 computers. After googling, the fix turned out to be booting to safe mode and uninstalling the video and audio drivers. After booting to normal mode and confirming the computer was no longer blue screening, we downloaded the latest video and audio drivers and reinstalled. Both systems were recovered.

  6. Please add a mobile version of your site. It’s painful to read your articles on a mobile device.

  7. Perhaps you were looking for “peace of mind.” I know I am.

  8. And don’t forget, there is another browser. The one I like is opera. It does the same stuff the big boys does, and it works. I’m still trying to get away from edge, and recheck all your settings after any update. Many of them are now hidden, and you have to use God mode to find them. But, even God mode is becoming irrelevant, by the latest practice of renaming of the old programs. A shame.

  9. I try to use Linux now whenever I can.

    I can do most things in Linux that I do in Windows, and some things that Windows won’t do.

    It’s incredible how less frustrated I am and how much more work I can get done by simply using a stable operating system!

  10. Ok. Microsoft is at it again. Almost do not want any more updates from them. Once again Microsoft screwed up my system even tho I carefully install updates 1 at a time and then reboot to ensure the system is working properly. Now it is the June 2018 Rollup which has given me a very hard time.
    I nstalled update, system reboots and then never gets to Win7 Prof but reboots again. Went into safe mode and attempted a sys restore…NONE of the restore points will restore the system! Get an error stating sys restore did not restore the system. Critical error.

    Now how do I get my system back?!!!

    • Does your PC let you boot to safe mode? If you have a UEFI BIOS, it may not. Restore is not usually reliable unless you can do it outside the normal mode of the system. Choose the Recovery option and choose a date of recovery point that is the most promising of a full restore. If you still get an error message like that – the first thing to do is ignore it and log onto the administrator in safe mode – chances are the system will finally admit that it did indeed take the recovery point successfully. Don’t ask me why – it’s just the way Windows is! It always pays to have a recovery disk made while the machine is working fine BEFORE the emergency happens.

  11. Switch to Linux already and free yourself from these posts.

    • as much as i wish it could be… windows is a necessary evil for some… yeah i know vine, VMs, blarg, some of us have to use winderp

      • “as much as i wish it could be… windows is a necessary evil for some… yeah i know vine, VMs, blarg, some of us have to use winderp”

        No, it’s not. You have a choice, your friends and family have a choice, your business has a choice.

        If everyone chose to say f-ck M$ and refuse its use anywhere, especially hospitals, military, and schools, IMO they would be forced to adapt or fade away.

  12. @Fred

    “Now how do I get my system back?!!!”

    Unless you enjoy such things, unless you really really enjoy the world of malware scanners on Windows and this update broke my pony and so forth, over and over again, you should really consider switching to Linux or BSD.

  13. @Fred

    “Now how do I get my system back?!!!”

    Unless you enjoy such things, unless you really really enjoy the world of malware scanners on Windows and this update broke my pony and so forth, over and over again, you should really consider switching to Linux or BSD.

  14. Telling users to go to Linux is not helpful guys.
    Fred, in Safe mode, can you run sfc /scannow ?

    This update crashes our system too but booting into Safe mode reverts the update.

    • “Telling users to go to Linux is not helpful guys.”

      Up to a point, true. But after a certain point, dead wrong.

      There IS a tipping point where moving to Linux is going to save you pain and time over the ongoing effort wasted on “fixing” what Microsoft has decided to do to your computer, and dealing with the malware and vulnerabilities that they will never really get fixed.

      My tipping point happened about 2008, and I worked hard to learn Linux and move all my important work over to Linux. There were a few painful days in there, but on the whole it has been a revelation on how computing CAN be beautiful, stable, effective and productive.

      Sure, I keep a Windows system in a VM to run a couple of programs that aren’t available on Linux, but 99% of my work is done in Linux.

      If you think you’re “stuck” in Windows, learn Linux. You will be surprised what you can achieve outside of Windows.

    • Re: Switching to Linux, especially Ubuntu

      1) Most printers aren’t Linux compatible. If you’re going to rely on Linux, you’ll probably need a new printer. Do your homework on that
      2) If you like to watch YouTube videos, be aware that Ubuntu still hasn’t figured out how to prevent choppy, halting video. Plainly they don’t care enough to fix it. The fixes I’ve read about in Ubuntu forums require skills beyond my paygrade, and every one comes with commenters who say they don’t work.
      3) If you rip streaming using Audacity (I save a few select radio programs), you can’t use Ubuntu for the task. This has been the case since at least 2014 (possibly earlier, my recollection isn’t clear). When ripping became impossible, the forums had lots of complaints about the situation. Nothing happened, so I assume the change was deliberate.

      Forewarned is forearmed.

      • Nice FUD.

        • Guess again. I still use Ubuntu along with Windows 7. I have zero affection for Windows 7, no financial stake. Nothing. Period. Non-geeks who consider switching to Linux/Ubuntu need to know what awaits.

          I notice that you didn’t dispute any of the factual assertions. What might the reason be?

  15. It’s pretty sad when you need to back up your machine because the vendor who’s operating system has gotten so bad at patching it that you fear it will not reboot. Just another motivator to spend the extra money and buy a Mac. They have some flaws but they boot every time after an update.

    • Today’s not bad at all. Bricked systems are few and far between It’s not like the old Windows NT/2000 days of playing “patch roulette.”

  16. Just got notification of required update(8), first time it only did 1 update, then it had the remaining 7 to update, I left the room while they were being downloaded, when I got back to computer, it said ‘7 updates not needed”. What the hell is Microsoft doing, after all these years they still don’t do things right and they probably never will. Somewhere there’s suppose to be a manager/team leader. do you ever hear of anyone ever getting fired o demoted???????

  17. Also, if you have issues with RDP, look into the credSSP MS patch. MS set the default on this to be more restrictive recently. It can be adjusted with registry or GPO

  18. This is not a comment on this article, but a suggestion as to possible investigation. Per a report I heard on WXFR, channel 27 out of Roanoke Va, this morning, 6/21/2018, there have been multiple instances of Fraudulent charges on a Wells Fargo Debit/Credit card with payments to Amazon. I have had this happen 2 times. For me the first time was on 4/19/18. I canceled that card and got a new one, and had another charge on 5/16/2018 on the new card. I canceled this card and got my 3rd card. Based on the facts I could see, I suspected that this was more widespread than just me, and reported this to the Christiansburg Police. Then this morning I heard the above report. The interesting point is that new Amazon Prime accounts are being opened, and this is the charge that shows up. Amazon tells me that on the second time, there were 15 accounts open on my debit card account. The bill for only one had reached me, and they canceled the other 14 accounts.

  19. June 20 2018 Windows 10 update taking forever. How long is it supposed to take ?

  20. Yes, Windows ‘as a service’ is not the same. Far more annoyance. Still using Windows 10 pro very rarely. Amazed to see the comment from Kfritz. Using Debian Linux here and printer, scanner, YouTube, even audio stream capture on Audacity all work perfectly. Ten years ago that was not the case. Linux has come a long way.