Hello, welcome to the Friday, April 15th, 2020 edition of the Sandsenet Storm Center's Stormcast. My name is

Johannes Ulrich, and I'm recording from Jacksonville, Florida. Of course, the big question today

is what should we expect over the weekend from CVE 22-26809 the RPC vulnerability.

Well, there is not a ton of news which is kind of good here.

Now, the closest to a public exploit we have, as far as I can tell, is a tweet by Antonio

Kokomazzi.

He is going by the Ailes of Splinter code and works for Sentinel 1.

Antonio managed to get an exploit working, but only against a custom RPC configuration.

So nothing that's typically out in the wild, at least that what it

appears like. That's the closest we have to like I said, a public exploit. There may of course

be others working on exploits that are not necessarily tweeting about it. Your best bet at this

point is still to patch and that's where the only

thing that will really protect you, fire war rules and all of that. It's all nice and good,

but probably not going to do for you much internally. I put together a quick post,

just summarizing sort of what we have so far about this vulnerability

Friday at 11 a.m. Eastern, there will also be a webcast with Jake Williams, where he'll go over

some of the exploit development that has been happening so far. Links to the webcast and Antonio's tweet will be added to the show notes.

And if you feel pretty good about having your Windows systems patched, there is a new update out

for Google Chrome that fixes an actively exploited vulnerability, and that's the only

vulnerability being addressed with this update.

And Shihu 360 and the Chinese certsian cert have worked together to identify a new Didos botnet.

They're calling it Fajja. It sort of does adopt a lot of the elements we have seen of prior Linux, IoT-focused botnets, mostly spreading via weak

...