Hello, welcome to the Monday, February 20th, 2017 edition of the Sands and its Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Scottsdale, Arizona.

On Friday, Rob published a nice script that helps you back up the configurations for your switches and routers.

It does support quite a range of different manufacturers,

and all you need to do is run the script and have a little configuration file

that lists the IP addresses and the maker of the switch that you're trying to back up.

Yes, there are other tools like this out there.

The nice thing about this tool is that it's very simple.

It's just a PowerShell script, so you don't need to install anything.

You just run it on your Windows systems.

For large enterprise network, you probably want to stick with your larger systems to backup

router and switch configurations.

And Google released a new Cerer Day vulnerability in Windows.

This one is affecting EMF images.

Now, EMF images are sort of a more modern version of the famous WMF format.

If you remember, there was like this big vulnerability back in 2006, I think. And in this case, EMF does not allow remote code execution,

but it may leak memory content. What's happening here is that an attacker can specify images with essentially

bad size parameters for certain image areas and then not provide enough data to actually fill in that area.

So what the system will do, it will fill in a random memory content.

Explorability for this is of course a little bit tricky. So an attacker

would first of all have to trick you into opening an EMF image. Now that's probably easy

part because these images can be embedded in all kinds of other documents. It doesn't have to be

just an EMF image by itself. Then secondly, of course, the attacker has to get a hold of the image that's being

...