Hello and welcome to the Tuesday, December 11th,

2024 edition of the Sands and at Storms,

on us Stormcast, my name is Johannes Ulrich,

and then I'm recording from Jacksonville, Florida.

It's Microsoft Patch Tuesday, so of course,

let's start with what Microsoft had to offer.

Today we got patches for 71 different vulnerabilities,

which doesn't consider some of the chromium vulnerabilities affecting Microsoft Edge.

16 of these vulnerabilities were considered critical, and we do have one vulnerability that already had been exploited.

This vulnerability is yet another privilege escalation vulnerability in the Windows Common

Log File system driver. This subsystem did have a number of similar vulnerabilities in the

past, given that it's already being exploited.

It's certainly significant.

Secondly, we do have nine different critical vulnerability, so that's more than half of the critical

vulnerabilities this Tuesday in the Windows Remote Desktop Services. Exposing remote desktop services to the Internet,

of course, is a vulnerability in itself, even not considering these vulnerabilities that

were being addressed today. An exploit here may, however, lead to a remote code execution.

So, well, yet another reason not to expose your remote desktop services.

Of course, this could still be used for lateral movement.

And talking about lateral movement, we do have two remote code execution vulnerabilities in LDAB that are also considered critical,

one of them with a CFSS score of 9.8, and then sort of a blast from the past.

If you remember the plaster warm, yet another remote code execution vulnerability in the LSAS service.

...