Hello and welcome to the Wednesday, February 14, 2024 edition of the Sansonet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

It's patch Tuesday, so we got a bunch of patches to talk about today, not just Microsoft.

But of course, we'll start with Microsoft.

We got patches for a total of 80 different vulnerabilities.

Five of them are critical and two have already been exploited.

Now, the two exploited vulnerabilities are sort of similar in scope. One is an Internet Shortcut

File security feature bypass, and the other one, Windows Smart Screen Security feature,

bypass vulnerability. The problem here is that a user may download, may be offered a piece of malware, and when they're

trying to execute it, they're not properly being warned that this is a file they downloaded

from the internet. We had numerous similar vulnerabilities before. Among the critical

vulnerabilities, there are two that also are sort of

deja-vous-like vulnerabilities, one Microsoft Exchange Server, Elevation of Privilevich

vulnerability, and then an Outlook remote code execution vulnerability. Both are related to

NTLM hashes that are being leaked here. The first one,

the Microsoft Exchange Server vulnerability, has a CVSS score of 9.8, which of course, in particular

given that it's described as a privilege escalation vulnerability,

it's quite high, but what it really is all about is this NTLM hash relay vulnerability

that can be exploited to authenticate as any user where you manage to actually relay the NTLM hash.

Similar for the Microsoft Outlook remote code execution vulnerability, this allows Nethacker

even in Office protected view to then open a document in editing mode rather than protected

mode.

...