Hello and welcome to the Monday, February 19th, 2020, 4 edition of the Sandsenet Storm Center's Stormcast.

My name is Johannes Ulrich and then I'm recording from Jacksonville, Florida.

Let's start today with a couple of vulnerabilities.

First one is in solar winds, in particular in the Access Rights Manager,

abbreviated Arm, and here Arm of course is not used for the CPU architecture. There are a total of

five different vulnerabilities being patched in SolarWinds arm and three of them are rated critical.

One is your classic deseralization vulnerability.

Of course, that's one where there are already exploits, kind of an exploit patterns available.

And then there are two directory traversal remote code execution vulnerabilities in this

product. The deseratural vulnerability does require authentication. The directory traversal

vulnerabilities do not require authentication to exploit the vulnerability. Oddly enough, I don't see the

vulnerabilities listed in SolarWinds' global secured advisory page, but they are listed as part of

the release notes for Arm-2020.2.3.

And I'll link to that in the show notes.

These vulnerabilities were reported by Trent Micro's third initiative

and no indication here whether or not

they have already been exploited.

And as of the upcoming version

1-2-3 of Google Chrome, which should show up sometime in March,

Google Chrome is planning on making some changes to how Course works for their browser.

Course, the Cross Origin Resource resource sharing describes how JavaScript being loaded

from one webpage is able to access JavaScript on another web page. Typically, there are sort of

...