Hello, welcome to the Friday, May 13, 2020 edition of the Sands and Storm Center's Stormcast. My name is Johannes Ulrich, and I'm recording from Jacksonville, Florida.

We do have a quick follow-up by Rob today to a diary that he wrote a few days ago about how to figure out what

the latest patches are that Microsoft has to offer in order to check if your systems are

completely patched.

Now, this involved PowerShell and the connection to the Microsoft Update Catalog in order to retrieve

current available updates, but when Rob moved this script to production, well, it failed.

And apparently the problem here was that the client systems had a rather tightly configured TLS configuration.

It's unusual but still a good idea for clients to limit, for example, the TLS ciphers that they're supporting,

and sadly, the Microsoft Update Catalog does not yet support TLS 1.3 which would have

been an option here. Probably not a huge surprise here from Microsoft's and given that

Microsoft server is a little bit behind here when it comes to TLS 1.3 support.

And I believe only the latest version Windows server 2022 officially supports TLS 1.3 out of the box.

And a little bit lost this week in Microsoft another updates is an update by HP for its

PC bias. This is the May 2020 update released on May 10th and it fixes two vulnerabilities,

both with a base score of 8.8, and both with the possibility of arbitrary

code execution. HP did not include a lot of detail with its advisory, but a long list of

affected systems, including notebooks, desktops, point-of-sales PCs, desktop workstations,

and also thinclined PCs.

But it's not just HP sneaking in some bias updates. We also got some from Intel.

That's the 2022.1 IPU bias advisory. It fixes, I believe it was 11 vulnerabilities,

and the highest CVS score here is 8.2,

which was assigned to four of the vulnerabilities.

...