Hello, welcome to the Wednesday, December 9th, 2020 edition of the San San Bernard Storm Center's Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Well, it's patched Tuesday, so let's jump in and see what Microsoft got for us. A total of 58 vulnerabilities were patched this month. That's actually

less than we had before this year. We usually had sort of around 100 vulnerabilities, I believe,

each month. And only nine of this month's vulnerabilities are rated critical. Now, as far as the critical vulnerabilities

go, there are two with the CVSS score of 8.8 in Microsoft Dynamics. If you're running

this product, then certainly pay attention to them. Microsoft Exchange and then again, SharePoint are others with

critical vulnerabilities. So as usual, Microsoft Exchange, SharePoint are big targets,

widely used and probably more interesting here to the average organization compared to Microsoft

Dynamics.

But then we also got a sort of interesting knowledge-based article or advisory regarding spoofing

of DNS responses, and this specifically affects fragments.

Now, the ultimate problem that fragmentation can make it easier to spoof DNS.

Has been known for, well, I think at least 10 years or so,

keeps sort of getting rediscovered, but has become more of a problem in recent years because

of extended DNS option zero, which enables DNS servers to receive responses that exceed

512 bytes in UDP.

Now, historically, of course, we had this 512 byte limit in order to prevent a fragmentation,

but that is really no longer valid.

And currently actually, most DNS servers advertise that they're willing to accept

UDP responses up to 4 kilobytes in size,

which of course definitely will get fragmented if you ever see a response that large,

given that a typical network MTO is still only around 1,500 bytes.

...