ISC StormCast for Monday, April 17th 2017
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 17 April 2017
⏱️ 6 minutes
Transcript
| 0:00.0 | Hello, welcome to the Monday, April 17th, 2017 edition of the SANS Internet Storm Center's |
| 0:06.3 | Stormcast. My name is Johannes Ullrich and I'm recording from Jacksonville, Florida. |
| 0:12.4 | On Friday, Shadow Brokers released yet another set of exploits that it claimed to have stolen from the NSA. |
| 0:20.1 | Friday's release focused on Windows with some of the exploits targeting recent and still in support versions of Windows. |
| 0:30.6 | One exploit that initially looked particularly dangerous was EternalBlue because it claimed to affect modern versions of Windows |
| 0:40.3 | up to version 8 and enabled a remote compromise via SMB. |
| 0:46.3 | Luckily Microsoft did release a patch for the underlying vulnerability in March, so if you applied March updates, then you should be okay. |
| 0:58.2 | All other vulnerabilities released also had received patches from Microsoft, some of them also fairly |
| 1:05.5 | recently. Now, I'm guessing here a little bit more than I usually like to on this podcast, but my |
| 1:12.3 | assumption is that after it became obvious that these exploits had been leaked, that the NSA |
| 1:19.7 | did notify Microsoft about the potentially leaked exploits, and that way Microsoft had a chance to fix them. As part of Microsoft's |
| 1:30.6 | March Bulletin, however, it did not indicate that these vulnerabilities were already being |
| 1:36.6 | exploited in the wild or that exploit code had been released for these issues. |
| 1:50.5 | There was actually no attribution at all in this case where Microsoft learned about these vulnerabilities. |
| 1:51.6 | Now, not every researcher that reports vulnerabilities to Microsoft does want to get |
| 1:57.6 | acknowledged, but this also very much reaffirms the theory that Microsoft |
| 2:03.6 | did get a heads up about these vulnerabilities from the NSA. |
| 2:07.6 | Now, we had a lengthy discussion internally about whether or not to raise the Infocon level |
| 2:14.6 | over this particular release. In the end, we decided against it, even though we were |
| 2:21.3 | going forth and back a couple times on that, so it wasn't really a very straightforward decision |
| 2:27.3 | in any way. What made a difference for me is that first of all, there's a patch available for a month now, and secondly, in order |
| 2:36.2 | to be vulnerable, you have to have SMB exposed. Also, you have to have SMB version 1 enabled. |
... |

