Hello and welcome to the Tuesday, October 4, 2020 edition of the Sansonet Stormer's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Yep and we are still not done with the Microsoft Exchange Serer Days.

Turns out that the workaround that Microsoft

published is not really effective in actually blocking all variations of the exploit.

The pattern that Microsoft recommended blocking is Auditiscover.Json at PowerShell.

Well, it turns out the ad simple here is overly specific according to some, and it may lead to a bypass if another character, for example, is being used here.

I would still recommend applying that workaround.

Not sure if there is a more generic one that won't cause any problems.

So if you have already deployed it, definitely don't undo it.

It does protect against some attacks, just not against all attacks. And as usual, be aware of

any exploits that you see out there apparently on GitHub. There are a number of fake exploits.

I haven't run into one myself yet, but haven't really been looking for these exploits either.

There are also apparently some fake exploits for sale.

Just like whenever we have a high profile vulnerability like this,

you have the usual fake exploits, you have the exploits that are probably just going to

rig roll you or in a verse case erase your system if you are running the exploit.

So caution as usual.

And talking about patches that didn't quite get the job done,

well turns out that Schneider Electric had this problem with a patch.

They released in 2020.

The CVE number for the vulnerability was 2020, 28212, and it was a vulnerability in the Unified

...