Hello, welcome to the Wednesday, December 15th, 2021 edition of the Sansonet Stormsend, Stormcast. My name is Johannes Ulrich.

And I'm recording from Jacksonville, Florida.

Well, it's Microsoft Patch Tuesday and we got patches for 83 Warner Billies, seven of which are critical, and then we also have

six previously disclosed and one already exploited vulnerability.

The one that's already exploited is the Windows AppX installer vulnerability, CVE 2021,

4389,0, and this has been used by fairly common

Malver like Emot Head, TrickBot and the like. The problem with this installer was really

more sort of a human user interface problem in that Malver could essentially masquerade as

trusted software as the installer popped up and

warned the user about software about to be installed.

Interesting is also a critical vulnerability in the Internet Storage Name Service or ISNS

protocol. Now, this is not installed by default. It's part of ISCSI and has a CVSS score of

9.8. However, Microsoft rates the exploitability of this vulnerability as more likely. There are also critical vulnerabilities in Microsoft Office that can lead to remote code execution

and also a 9.8 CVSS score for a remote code execution in Visual Studio Code, the Windows

subsystem for Linux extension.

The one vulnerability that's certainly worth your attention and patch quickly is the Windows

app installer vulnerability, given that it's already fairly widely being exploited.

Among the remaining vulnerabilities, I don't really see anything that really warrants expediting

the patch other than maybe the ISNS vulnerability if you're actually running this component.

And then we are not quite done yet with Log 4J, and there is an other update for Log 4J, so we are now

at version 2.16. The tricky part here is that 2.15 fixed the JNDI problem that we

originally had and that caused a lot of the problems with Log 4J, but there are certain

...