Hello, welcome to the Thursday, December 20th, 2018 edition of the Science Internet Storm Center's Stormcast. My name is Johannes Ulrich,

and the I'm recording from Jackstable, Florida. Microsoft today had sort of a special holiday gift for us in the forum of an emergency update for Internet Explorer.

This patches a vulnerability in Explorer 9-211,

affecting Windows 7-210 and also Server 2008 to 2019.

This vulnerability has already been used in the wild against targeted attacks and was

originally discovered by Google.

The CVE number for this vulnerability is 2018, 8653.

At this point, I haven't seen an exploit easily available yet for this vulnerability.

However, today an exploit was made public against an older vulnerability, CV 2018-8631.

This vulnerability also affects JavaScript and was patched this month as part of the regular

patch Tuesday.

So if you're planning on taking some time off next week, then you probably do want to

apply this patch before you're leaving for the weekend.

Now, if this vulnerability gets exploited, then one of the common payloads that you may expect

is a PowerShell script.

And Xavier today had an interesting post about how to restrict the network capabilities

of PowerShell.

What Xavier is using here is NetShell. Now, NetShell is used

to adjust the Windows firewall, among other things. And one feature that Xavier is using here,

that you can actually restrict traffic based on the binary that originates the traffic. So, for example, you could limit PowerShell to only establish connections within the local network,

which would prevent PowerShell from downloading malicious software from arbitrary websites.

There are of course other tools that can be used in order to establish network connections.

...