Microsoft has published today its monthly roll-up of security updates, known as Patch Tuesday. This month, the OS maker has patched 88 vulnerabilities, among which 21 received a rating of "Critical," the company's highest severity ranking.
Furthermore, the May 2019 Patch Tuesday also included fixes for four of the five zero-days that a security researcher and exploit seller by the name of SandboxEscaper published online over the course of the last month.
Security patches are available for:
Fixes for a fifth zero-day[1] weren't ready in time, as SandboxEscaper published details about this bug only last week, on Friday, June 7, leaving Microsoft no time to put together and test a patch.
The good news is that despite details and proof-of-concept demo exploit code being available for all these four zero-days, none of them were incorporated in malware campaigns.
Furthermore, of all the 88 vulnerabilities patched this month, none was exploited in the wild either.
Other important fixes
But besides patches for Windows and Office products, Microsoft also issued a security advisory about separate firmware updates for HoloLens devices[2].
This month, Microsoft patched four remote code execution (RCE) flaws that affect the Broadcom wireless chipset included in Microsoft HoloLens devices.
The four RCEs are CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.
And since RCEs are about the worse bugs around, we'll also highlight that Microsoft also patched nine RCEs in the Chakra Scripting Engine (included with Edge), four RCEs in the Microsoft Scripting Engine, three RCEs in the Microsoft Hyper-V hypervisor, an RCE in the Microsoft Speech API, and an RCE impacting both Edge and Internet Explorer.