Hello, welcome to the Friday, May 15th, 2020 edition of the Sand Center and Storm Center's Stormcast.

My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida.

Now, when we are talking about Windows patches and as we did this Tuesday, we always focus on what Microsoft calls its critical

vulnerabilities. Rob today in his diary actually picked up on one of the medium vulnerabilities

to kind of show that you probably shouldn't neglect them. The vulnerability here was CVE 2020 1048.

Now this vulnerability has a rating of a medium

and it's a privilege escalation in the printer spooler.

However, it turns out to be actually a fairly simple,

persistent back door. All you have to do is add a new printer

port that points to the famous UAL API.DL and essentially anything that you sent, any binary

that you sent to this printer port will be executed. Now admittedly CVSS score of this vulnerability is 7.8, which isn't exactly low, but you definitely

shouldn't really miss out on some of these lower vulnerabilities.

Luckily these days, most people just apply the full set of patches so there isn't really any cherry

picking that usually happens that may overlook an issue like this. And the US 3rd

published the list of what they're calling the top 10 most exploited vulnerabilities

from 2016 to 2019. And while it yet again shows how important

it is to patch Windows and Office, many of the vulnerabilities are office and

they're not the recent ones. They're going back like to 2017, even 2012.

So these vulnerabilities are still causing a lot of pain for organizations.

Now aside from office, we also have SharePoint vulnerabilities here, Adobe Flash,

of course, and then the famous Apache Struts vulnerability that of course caused quite a bit of pain

...