Hello, welcome to the Wednesday, April 12, 2017 edition of the Sands and its Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Orlando, Florida.

Today, of course, Microsoft's Patch Tuesday, and this patch Tuesday quite a bit different than prior patch Tuesdays, you may have noticed there was no table, no summary on our side in part, because Microsoft went away with its traditional bulletin process.

Instead, Microsoft fully switched to a new security update guide, you have to log in to access it,

and even then it may not always come up. If it does come up, then you should see 644 updates,

with 210 of them listed as critical.

Lucky for Windows users, this update patches of vulnerability in Verde that already has been

pretty actively exploited these last few days by the Tridex Matter campaign.

This vulnerability, I mentioned it briefly on Monday,

does allow an attacker to execute arbitrary code

by tricking the victim into opening an RTF document.

There are actually three different vulnerabilities

that are being used by this particular attack, one in

Virt and VirtPad, one in Explore and one in Office. Probably of particular note is that

VortPat is affected too, so it's not just the full version of Word, but also WordPad.

In particular, if you don't have Office installed, then you may deem yourself safe,

but WordPad comes as part of Windows, so you're still vulnerable.

Also, for end users, no more individual patches instead just one patch that bundles

them all. So Microsoft kind of follows here in Apple's steps by releasing these large monolithic

patches. For enterprise customers, there are still options to apply patches individually.

And a couple other highlights from this month's patch set in addition to the already

mentioned Word in an Explorer office patch.

Hyper V also has a couple of remote code execution, vulnerabilities that are being addressed. Probably as severe as the

...