Hello and welcome to the Wednesday, April 12, 2020,

23 edition of the Sands and its Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Well, it's patch Tuesday, so lots of patches today.

Let's get started with Microsoft. We got patches for 114 different vulnerabilities.

Seven of them are critical and one is already being exploited. The already exploited

is CVE 2023-28252. This is a vulnerability in the Windows Common Log File System driver.

This driver runs as a system, so in this case, an arbitrary code execution, gives

your operator code execution as system.

That's where the privilege escalation comes from.

The Windows Common Log File

System driver has been the source of a number of similar vulnerabilities in the past.

CWSS score of this is only 7.8 because after all, it's just a privilege escalation vulnerability.

We do have a number of sort of similar privilege escalation vulnerabilities being patched

with this update, but this is the only one that's currently being exploited.

Now, let's take a look at the critical vulnerabilities.

One that I think is kind of interesting, is DHCP server remote code

execution vulnerability. Yes, that one is rated critical. Not a lot of details as to what this

exactly entails. It does, however, require authentication and does require an RPC call to the DHCP service.

So not something like a simple, unauthenticated DHCP message, which is why the CVS

score of this vulnerability is only 8.8, not sort of in the 9.8 range.

An attacker would have to be located on the same network as the DHCP service.

...