Hello, welcome to the Thursday, January 13th, 2020 edition of the Sansanet Storm Center's

Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

CVE 2022-219070, the HTTP CISW vulnerability patched by Microsoft in Tuesday's patch update is still, well, the big news

item here, but really not much new about it. No real talk about any exploits coming out or any

proof of concepts or anything like that. Also, no real details about the nature of the vulnerability at this point.

You can take this as a good sign that it will take a while for an exploit to be actually released,

but I wouldn't let off on patching. Definitely keep patching, try to get this patch rolled out,

in particular the public facing system as much as possible

by the end of this week. Looking at prior vulnerabilities in HGP.Sys, they have turned out to be

difficult to exploit in part because of some of the memory protections and such being built

into HGPSys and kernel mode drivers like this.

So we may never really see sort of a great remote code execution exploit for this,

but all it takes is one and yes, it's certainly possible.

May just take, for example, some additional vulnerabilities that leak some of the

kernel space information or such that may be needed in order to exploit this vulnerability.

At least things like this have been done in prior similar vulnerabilities.

Just to summarize what we know or assume, so far I've published an FAQ about this vulnerability,

and the link will, of course, be in the show notes.

Sometimes we're just lucky in researchers give us some time before they publish all the details

as one example, some Sonic Wall vulnerabilities with a CVSS score of 9.8 that were patched at the beginning of December are now well exploitable in a sense that there is a blog post that was now published by Rapid 7 with additional details regarding

these vulnerabilities.

This affected the SMA models 200, 210, 400, 400, 4010 and 500, and this is also an unauthenticated

...