Hello and welcome to the Wednesday, December 14, 2020 edition of the Sandtonet Storm Center's Stormcast. My name is Johannes Ulrich. And I'm recording from Jacksonville, Florida.

Well, quite the patch Tuesday today and a little spoiler alert here, but we got three different companies

patching vulnerabilities that are already being exploited in the wild.

So let's start with Microsoft, of course, who sort of invented, I guess, patch Tuesday.

And for the last patch Tuesday of the year, we got patches for 74 vulnerabilities,

which includes the chromium fixes for Microsoft Edge. Not everybody sort of considers them

Microsoft patches. And seven of the vulnerabilities that were patched are rated as critical.

One has been previously disclosed and one is already being exploited.

Now, the already exploited vulnerability is a problem with the Windows smart screen feature.

That's something I've mentioned a few times before and some of its weaknesses

in Windows. The problem here is this mark of the web, this extended data stream that's

being added to mark files that were downloaded from the web to treat them differently if

the user then attempts to open these files.

Not technically a vulnerability, but something that's included as an advisory in this update

is issues with drivers that are assigned using Microsoft's developer program.

Apparently, some of the certificates very used for lateral movement by the Cuba Ransomare,

and Microsoft now revoked those certificates.

And then we got one vulnerability here that was publicly known but hasn't apparently been used

in any exploit yet, and that's DirectX Graphics kernel elevation of privilege vulnerability.

A couple other noteworthy vulnerabilities here.

There is a remote code execution vulnerability in the dot net framework.

Less likely to be exploited according to Microsoft, but a CVSS score of 8.8. And then we do have

...