Hello, welcome to the Tuesday, September 24, 2019 edition of the Sands and the Storms Center's

Stormcast. My name is Johannes Ulrich, and today I'm recording from London, England.

All the big news today is from Microsoft. Microsoft released an out-of-band security advisory and patch to fix a vulnerability

in Inaudet Explorer's scripting engine.

This particular vulnerability does not only allow for code execution, but it is also already

being exploited in the wild, which prompted Microsoft to release this

special patch.

So it's probably something you do want to roll out rather quickly.

Pretty much all versions of Windows that are currently supported all the way back to Windows

7 and Windows Server 2008

are affected and patches should be available.

As a workaround, Microsoft offers assistance in how to restrict access to the affected

jescript.dll. However, implying these particular workarounds pretty much

disables JavaScript in an explorer and that's often not a viable solution so

definitely apply the patch and Cloudflare released a blog post with

details regarding its bot- fight mode that it just

released as an option for its web application firewall.

Once enabled, this bot fight mode should prevent malicious bots from reaching protected websites.

Now the way it is implemented according to Cloudflare is that first of all, of course,

this particular bot fight mode will look for known bad user agents, but it will go way beyond

that.

It will do tricks like for example profile traffic to see if it matches the

...