Hello, welcome to the Thursday, July 15, 2021 edition of the Sandtonet Storms,

Understorm, Stormcast. My name is Johannes Ulrich. And the time recording from Jacksonville, Florida.

Quick little update on malicious documents from Jan and, well, not all of them actually work.

And that's something that I've observed in the past two, for example, against attacks, against

web application vulnerabilities, where sometimes, well, the attack is just not done very well

and often appears to be not tested.

In this example, it was a malicious Excel spreadsheet or supposedly malicious. We

couldn't really tell because it was encrypted. And part of the email was that it mentioned a

password. Of course, that's quite common. But the password mentioned the email didn't work. And

the Jan was actually not successful, brute forcing the correct

password. So this was obviously not tested by the attacker. One of those few cases where the

victim just gets lucky. And then a couple of comments, corrections about yesterday's patch Tuesday.

First, a couple of readers noted that I said there were six previously disclosed vulnerabilities

for being already exploited, but I said there are only nine, not ten, that were either

disclosed or already exploited, and that's just because one vulnerability

was both previously disclosed and already being exploited, and then of course being the

print spooler vulnerability.

And secondly, the Microsoft Exchange server vulnerability that pointed out, CVE 2021, 344-473. It was actually

already patched in April. The CVE was omitted from the April release, and as a result, they

just sort of republish this here as an informational change only. And thanks to Kenneth

for pointing out this oversight. And as far as post-patch Tuesday patches go, we got a couple

patches from Mozilla that are noteworthy. They affect Firefox with that also the Torp browser

...