meta_pixel
Tapesearch Logo
Log in
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Friday, December 13th, 2024

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 13 December 2024

⏱️ 6 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Windows 11 and TPM; Azure MFA Bypass; Struts 2 Vuln; Secret Blizzard vs Ukraine

Transcript

Click on a timestamp to play from that location

0:00.0

Hello and welcome to the Friday, December 13th, 2024 edition of the Sansonet Stormsanders Stormcast. My name is Johannes Ulrich and I'm recording from Washington, D.C.

0:14.6

First, start with a little bit sort of a cleanup item after Patch Tuesday and that's, well, the Windows 10 end of life and what that means

0:25.2

for Windows 11 and how to upgrade systems. There's one issue where Microsoft has gone a little bit

0:33.4

forth and back on what hardware is exactly required in order to run Windows 11, and that forth and back on what hardware is exactly required in order to run Windows 11.

0:39.9

And that forth and back led to some problems where people were able to upgrade to Windows 11 when that hardware was considered sufficient.

0:50.7

But later, as the hardware was no longer considered sufficient, some patches may actually

0:56.5

not apply. Hardware item here that causing a lot of confusion is TPM version 2.0. Microsoft

1:05.5

and Windows 11 originally came out, sort of double down on its use of TPM version 2.0, the trusted computing

1:13.6

module in order to support a lot of the advanced cryptographic security features that

1:20.4

Windows 11 offers. Later, they did allow installing Windows 11 on some systems without TPM 2.0, but that has now been reversed.

1:33.0

You need TPM 2.0 in order to run Windows 11, so patches only install on systems with TPM 2.0.

1:42.3

I'll link to an article by Forbes that explains something at Fort and

1:46.0

back and also two posts by Microsoft that does explain its latest stance on TPM 2.0.

1:55.8

And the Oasis security research team found an interesting vulnerability in Microsoft Azure's

2:03.7

multi-factor authentication implementation that I think is not unique to Microsoft.

2:09.6

Actually, I remember a few years back, Facebook having a similar issue.

2:15.2

The problem is that just like for normal passwords, you do need some kind of rate limit and

2:21.0

lockout in order to restrict how many attempts an attacker can use in order to prove

2:27.6

force the multifactor authentication password.

2:31.2

In this case, the usual time-based six-digit key.

2:35.9

Not only did Microsoft not establish rate limit, so it was possible to essentially try as

2:42.8

often as you want until you manage to prude-force the second factor, but they also were

...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

Copyright © Tapesearch 2025.