SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Wednesday, April 13th, 2022

SANS ISC Handlers

Tech News, News, Technology

4.9696 Ratings

🗓️ 13 April 2022

⏱️ 7 minutes

Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. Microsoft Patch Tuesday; NGINX Statement; Industroyer2 Attack Against Ukraine Power Grid

Transcript

0:00.0

Hello, welcome to the Wednesday, April 13th, 2020 edition of the SANS Internet Storm Center's

0:07.6

Stormcast. My name is Johannes Ullrich, and today I'm recording from Jacksonville, Florida.

0:14.3

Well, it's Patch Tuesday again, and with that we got patches for 135 different vulnerabilities, which of course also affects Chromium

0:24.4

vulnerabilities that got ported by Microsoft. Now, among those 145 vulnerabilities, we have 10 critical

0:34.5

vulnerabilities, and then one important vulnerability was previously disclosed,

0:39.6

and another important vulnerability that's already being exploited.

0:44.9

Probably the most concerning vulnerability, as Renato also points out in the Patch Tuesday blog post,

0:53.4

is a remote code execution vulnerability affecting the remote

0:57.7

procedure call runtime. RPC, always good for some vulnerabilities, and this is like other

1:05.4

RPC vulnerabilities, wormable. Now, CVE number 2022-26809, and the CVSS score of 9.8, so just a little bit short of a perfect 10.

1:19.9

With exploitability being more likely, according to Microsoft, this means this is something you really need to patch relatively quickly.

1:29.2

Now, I wouldn't really be too worried about an external attack.

1:33.3

If you're exposing port 445 to the Internet, then you have probably other problems than patching.

1:39.7

But remember, this could easily be used inside your network. For example, if you have an infected

1:47.0

system in your network, vulnerabilities like this are then often used for lateral movement.

1:53.4

So that's why we need to pay attention to these vulnerabilities, even if an open port 445

1:59.9

may not be at the top of your concerns.

2:03.9

Another critical vulnerability and a remote code execution that affects network service

2:09.8

is CVE-2022-24497. That affects the Windows Network File System. Now, NFS is not typically enabled on Windows machines,

2:22.5

so that makes that less of an issue. But if you do use NFS on Windows, then definitely

2:29.7

this is again something that you need to pay attention to. As far as the already exploited and disclosed vulnerabilities go, well, both of them, like

2:39.2

I said, are rated important.

...
