Hello, welcome to the Tuesday, April 12, 2020 edition of the Sandsenet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Remember around the time when the spring for shell vulnerability came out, there was all that

confusion, there was another vulnerability that was patch There was all that confusion. There was another vulnerability

that was patched in spring and that affected spring cloud function. Now, we are seeing

active exploit attempts, at least probes for this vulnerability, where attackers are checking

if you are using spring Cloud function by actually looking

at the gateway routes URL.

So don't forget this particular vulnerability.

It's one IP address in particular that does very actively scan for this vulnerability.

It also scans for other web vulnerabilities, some of them Java related, but also some totally different and very old

PHP vulnerabilities. So it looks like they're trying to add this particular exploit to their

repertoire for this particular bot.

And talking about applying patches, Microsoft has something new there for enterprises that they call Auto Patch.

Now, when you hear Autopatch, it of course sounds very much like the automatic updates that you can enable

in consumer Windows and, well, a lot of operating systems.

This one is a little bit different and more targeting enterprises.

Essentially, what Autopatch is doing is it automatically selects some representative systems from your environment and then first installs the patch on a very small number of systems.

They sort of one out of each category, sort of it identifies checks if the patch works okay, only if they work okay, then it sort of increases the population

of patch devices for sort of to 1%, then 9%, until it then rolls them out to the entire enterprise.

Interesting system, we'll have to see how this works, but the idea is to sort of

automate what a lot of enterprises do anyway, but they first sort of test a patch, then they roll it

...