Hello, welcome to the Wednesday, December 13th, 2017 edition of the Sandton and Storm Center's Stormcast.

My name is Johannes Ulrich, and I'm recording from Washington, D.C.

Today, Microsoft Patch Tuesday, we got about 36 different vulnerabilities that are being addressed in these patches.

In addition, of course,

we got an update for Flash. The lion share of the vulnerabilities goes to the scripting engine. We do have, for example, information disclosure vulnerabilities, memory corruption

vulnerabilities. That typically affects your browsers. If there was surprise

among these updates, then it is an update for Windows RAS. Windows RAS is the routing and remote

access service. It's not enabled by default, but if you have it enabled, if your system is accessible

to RPC, then there is a possible remote code execution vulnerability. Microsoft rated this one

only as important. I think it's sort of the a critical, not sure why Microsoft stuck with

important here, probably because this particular component is not enabled by default,

and I don't think it's actually enabled that often. In addition, we also have two vulnerabilities

that are being addressed in Microsoft's Malware Protection Engine.

These are these issues that have been patched last Friday.

And again, you don't really have to apply a regular Windows patch to fix those issues.

Instead, these updates are being pushed as part of signature updates that are being released daily for the Malver Protection Engine.

So nothing really too overly exciting here.

None of the vulnerabilities being addressed here had been disclosed publicly or had been exploited in the past.

So unless you have a system that has the routing and remote access

service enabled, I would just follow your standard patch procedure. No real reason to expedite

anything here. And since it's getting easier and easier to obtain TLS certificates for your website. There is also more

fishing going on that does use websites that are protected by TLS. This will make it even more

...