Hello, welcome to the Thursday, April 14th, 2020 edition of the Sands and at Storm Center's

Stormcast. My name is Johannes Ulrich. And I'm recording from Jacksonville, Florida.

I've got a quick diary today by Jan. He compared the number of web servers in Ukrainian IP address space before and after a Russian invasion.

Now, the decrease is actually notable, but probably less than most would have expected.

Only about 12% of the pre-war total web servers are no longer reachable,

which given the large physical destruction and, of course, some of the distributed denial of service attacks and such,

is actually a rather small number.

Comparatively speaking, the Russian Internet actually lost more web servers.

However, that is not so much, of course, the result of physical attacks or denial of service attacks,

but likely more the result of some of the

political effects like sanctions and also some of the deep hearing that has happened either

from Western or Russian ISPs. And this decrease in connectivity probably doesn't account

for the effect of Starlink, which has been deployed in parts of Ukraine, because Starlink typically uses Nat and can't easily be used to expose web servers.

And of course, they probably wouldn't show up as part of the Ukrainian IP address space.

And then just a quick follow up on yesterday's Microsoft Patch Tuesday, the big vulnerability

here that everybody's talking about is CVE 2022-26809.

That's the RPC vulnerability. No exploit yet. A lot of chatter on Twitter

about people working on exploits, but having difficulties actually coming up with a working

exploit. I'm totally guessing here, but I think we probably have till sometime next week before

an exploit is released. I highly recommend you're applying this patch, and I'm talking about

the entire patch for the month before the weekend. It'll likely significantly improve your chances of having a quiet weekend.

And the reason I say, just apply the entire patch. Don't just focus on this RPC patch.

...