Hello, welcome to the Wednesday, August 9th, 2017 edition of the Sands and its Storm Center's Stormcast. My name's

Johannes Ulrich, and I'm recording from Jacksonville, Florida. Well, today was Microsoft's and

Adobe's Patch Tuesday, and we tried something new that we went back to something that looked more like these patch overview

tables that we did in the past. Now, we had to stop this for a couple of months because Microsoft's

patch process has changed too much, very no longer have bulletins, but trying to sort of re-immolate some of the features to be had back when

there were still bulletins.

Out of the 40 or so vulnerabilities being addressed here to have been known prior to this release,

seen some other sources that stated a third one was

priorly known and that was CVE 2017 8620. I just double-checked with

Microsoft's page about this vulnerability and they state that this third one has

not been publicly disclosed so I'll stick to a total of

two that have been public disclosed, but not yet exploited.

Overall, no real big surprises here. One curiosity, two of the vulnerabilities affect the Linux subsystem that has been recently included in Windows 10.

Now, one of them is just a denial of service vulnerability.

That's one of the two disclosed vulnerabilities.

And the second one is approach escalation vulnerability. Now most of the vulnerabilities do affect

in an explorer and Microsoft Edge in particular what you're seeing listed as scripting engine memory

corruption vulnerability. These are really Microsoft Edge vulnerabilities for newer operating systems.

And then we also got another critical remote code execution vulnerability in Windows

search.

This is something that has been addressed in two prior patches.

I believe June and July, we had Windows search patches. Some of them had

...