Date: 2019-06-11

Microsoft has published today its monthly roll-up of security updates, known as Patch Tuesday. This month, the OS maker has patched 88 vulnerabilities, among which 21 received a rating of "Critical," the company's highest severity ranking.

Furthermore, the May 2019 Patch Tuesday also included fixes for four of the five zero-days that a security researcher and exploit seller by the name of SandboxEscaper published online over the course of the last month.

Security patches are available for:

Fixes for a fifth zero-day weren't ready in time, as SandboxEscaper published details about this bug only last week, on Friday, June 7, leaving Microsoft no time to put together and test a patch.

The good news is that despite details and proof-of-concept demo exploit code being available for all four of these zero-days, none of them was incorporated into malware campaigns.

Furthermore, of all the 88 vulnerabilities patched this month, none was exploited in the wild either.

Other important fixes

But besides patches for Windows and Office products, Microsoft also issued a security advisory about separate firmware updates for HoloLens devices.

This month, Microsoft patched four remote code execution (RCE) flaws that affect the Broadcom wireless chipset included in Microsoft HoloLens devices.

The four RCEs are CVE-2019-9500, CVE-2019-9501, CVE-2019-9502, and CVE-2019-9503.

And since RCEs are about the worst bugs around, we'll also highlight that Microsoft patched nine RCEs in the Chakra Scripting Engine (included with Edge), four RCEs in the Microsoft Scripting Engine, three RCEs in the Microsoft Hyper-V hypervisor, an RCE in the Microsoft Speech API, and an RCE impacting both Edge and Internet Explorer.

Faulty BLE security keys won't work anymore

Last, but not least, Microsoft also warned that some Bluetooth-based security keys would stop working on Windows after applying today's patches.

More specifically, Microsoft is referring to Feitian and Google Titan security keys, which contain a misconfiguration in the Bluetooth pairing protocols that allows an attacker to interact with the key.

"Microsoft has blocked the pairing of these Bluetooth Low Energy (BLE) keys with the pairing misconfiguration," the OS maker said.

Users of these devices are advised to look into requesting a replacement, which both Google and Feitian are providing for free.

Additional info

Since Microsoft's Patch Tuesday is also the day when other vendors release security patches, it's worth mentioning that Adobe and SAP have published their respective security updates earlier today.

More in-depth information on today's Patch Tuesday updates is available on Microsoft's official Security Update Guide portal. You can also consult the table embedded below or this Patch Tuesday report generated by ZDNet.

