Hello, welcome to the Thursday, June 13th, 2019 edition of the Sansanet Storm Center's Stormcast.

My name is Johannes Ulrich, and then I'm recording from Neptune, New Jersey.

So one of the highlights of yesterday's Microsoft Patch Tuesday was the patch for the four vulnerabilities that Sandbox Escaper published

in May. However, it looks like there may be a fifth vulnerability that Sandbox Escaper wrote about in the GitHub repository.

This is the polar bear repo repository and apparently

this particular version of the Vulnerably has not been patched it. It appears to be another

bypass of CVE 2019, 0841, at least according to the comments published with the proof of concept exploits.

Now, since then, the GitHub repository polar bear repo has been deleted.

There's still an archive available and I'll link to the respective archive in the show notes.

It's also not clear whether or not this particular repo was removed by GitHub

or if Sandbox Escaper was the one who removed it.

As other vulnerabilities published by Sandboxescaper,

it is a privilege escalation vulnerability,

so it would require that the attacker already has access to a system.

It may also require some limited user interaction.

Another follow-up story to Microsoft's patch Tuesday, CVE 2019 1040.

This is a message integrity code tampering vulnerability and we have more details about this vulnerability that was patched yesterday from preempt the company that originally discovered the vulnerability.

One of the more popular attacks against active director environments is NTLM relay, where an attacker

essentially getting in the middle and is relaying messages that are being exchanged between an authenticated client and a server.

In order to prevent these attacks and in order to prevent the attacker from tampering with these

authentication messages, Microsoft did introduce a mic or a message integrity code.

This is essentially a digital signature for these messages.

...