Microsoft has released the June 2018 Patch Tuesday security updates, and this month's release comes with fixes for 50 vulnerabilities.
Fixes are included for the Windows OS, Internet Explorer, Microsoft Edge, the ChakraCore JavaScript engine, and Microsoft Office and Microsoft Office Services and Web Apps.
No Windows zero-days this month
There are no Windows zero-days in this month's Patch Tuesday, but Microsoft patched CVE-2018-8267, a
remote code execution vulnerability whose existence was publicly disclosed last week.
In addition to releasing the regular Patch Tuesday updates, Microsoft has also published
KB4338110, a standalone security advisory that contains coding guidance for avoiding the creation of apps vulnerable
a padding oracle attack via the Cipher-Block-Chaining (CBC) mode when used with symmetric encryption algorithms.
Apps developed with this flaw allow an attacker to decrypt and tamper with encrypted data without knowing the encryption key, and the attack can be performed both locally and/or over a network.
Furthermore, after installing this month's Patch Tuesday, everybody's Meltdown and Spectre mitigations will be toggled to the below settings.
