Hello, welcome to the Tuesday, March 31st, 2020 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and then I'm recording from Jacksonville, Florida.

And today we got a diary from Jan with an unpatched denial of service vulnerability in Windows Explorer.

So not in an Explorer, but Windows Explorer that you use to look at local files.

The trick that he's using here are self-referential link files.

Link files usually point to a different files, but well, they can also point to themselves,

and apparently Windows Explorer has issues with those files.

Now, there are two different type of link files.

They're URL link files, little text files in INI format, and then there are shell links that are

using a binary format.

The difference in impact here is that in order to experience the denial of service condition

with a URL link file, you actually have to try to open the URL link file with the shell link file. The only thing you have to do is

open a directory within which you can find this malicious shell link file. And again,

Windows Explorer will crash. Jan did report this vulnerability to Microsoft. Microsoft decided not to fix it due to the limited impact.

Of course, this is really a little bit more of an annoyance in particular since an attacker

would already need the ability to place the file on your system.

And of course, over the last couple weeks, video conferencing has become a lot more popular,

and there are a number of different solutions that have seen a large increase in their user base.

One of the standouts kind of has been Zoom.

Zoom has sort of been in startup mode and yes has been somewhat

popular, but really its popularity sort of exploded these last couple weeks. And with that, of course,

also a lot more attention has been paid to Zoom's security and privacy posture. Now, I have a couple of stories here about

...