Hello, welcome to the Wednesday, August 11, 2021 edition of the Sandsonnet Storm Center's

Stormcast. My name is Johannes Ulrich. And I'm recording from Stockholm, Germany. Of course, it's

reboot Wednesday and with that, Microsoft's Patch Tuesday is at the top of the news. So let's quickly summarize what we got here.

We got a total of 51 vulnerabilities being addressed here. Seven of them are critical. Two

were previously disclosed and one is already being exploited according to Microsoft.

Well, first, what didn't get patched?

Microsoft Exchange did not receive an other patch this month.

Yesterday, I suggested it may happen, well, hasn't happened yet.

Among the previously disclosed already being exploited vulnerabilities, we first have the Windows

Update Medic Service. This is a service that maintains essentially the update process,

making sure it's working correctly. Secondly, we do have yes, yet another patch for the print

nightmare set of vulnerabilities. Now, the one issue that

sort of remained unpatched when it comes to print nightmare was Point to Print. Point

to Print allowed regular users to install printer drivers on a print server. Well, that's no longer possible after you're

installing this patch. So this patch may break some functionality. Secondly, we do have a fix

for the vulnerability that affects the petty potum exploit that we talked about a couple weeks ago.

I think that was released.

In particular, it does fix the issue where an unauthenticated user could trick your server

into sending an authentication request, which then can lead to these relay attacks.

And then also Noteworthy is the highest rated vulnerability this month.

It's rated with a CVSS score of 9.9 and can be triggered by a simple IPV6 echo request

from a Hyper V guest to a HyperV host and yes leads

...