ISC StormCast for Wednesday, January 11th 2017
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
4.9 • 754 Ratings
🗓️ 11 January 2017
⏱️ 6 minutes
🧾️ Download transcript
Summary
Transcript
Click on a timestamp to play from that location
| 0:00.0 | Hello, welcome to the Wednesday, January 11th, 2017 edition of the Sandsenet Stormsenders Stormcast. My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida. |
| 0:12.4 | Today we'll start, of course, with Microsoft's patch Tuesday and we actually can cover every vulnerability today in detail because there were only three vulnerabilities |
| 0:23.6 | and three bulletins to go with it this month. This is actually a little bit typical for January. |
| 0:30.6 | I posted a little graph in January. We usually only have sort of four or five different bulletins being published, probably because of the holidays. |
| 0:39.4 | Microsoft just didn't have the time to really come up with any more patches. |
| 0:43.8 | The first bulletin for the year fixes privilege escalation vulnerability in Microsoft's edge |
| 0:51.0 | browser. It deals with cross-domain policies and how they're dealt with with the |
| 0:57.8 | about plank pages. So just the privilege escalation vulnerability, nothing critical Microsoft, |
| 1:04.7 | and we as well rated as important. However, the vulnerability had already been disclosed. This month, no update for |
| 1:14.4 | Internet Explorer, so only this one for Microsoft Edge. The second bulletin fixes a vulnerability in |
| 1:21.5 | Microsoft Office and memory corruption vulnerability that can lead to code execution. Microsoft rates it as important because the user |
| 1:30.5 | has to open a document. We rate code execution vulnerabilities like this as critical, at least |
| 1:37.4 | for clients. Nothing publicly disclosed or exploited about this vulnerability so far. Now then the numbering gets a little bit |
| 1:45.9 | tricky. The third Microsoft bulletin was actually MS-14-4. That one addresses a denial of service |
| 1:54.0 | vulnerability in the LSAS, the local security authority subsystem service. |
| 2:03.4 | That one is, again, rate as important. |
| 2:06.0 | It's only a denial of service. |
| 2:13.1 | The third bulletin in Microsoft's numbering is actually the Adobe Flash Player bulletin, |
| 2:21.3 | and that, of course, also affects Microsoft's browsers like in Explorer 10, 11 and Edge. Now Adobe fixed a total of 13 vulnerabilities in its flash update. |
| 2:28.3 | They can lead to remote code execution and I would actually rate that update as the number one, the most important |
| 2:35.6 | update to apply this time around. Adobe also updated a PDF reader bulletin that they released |
| 2:43.4 | earlier this month and that one fixes 29 vulnerabilities. Again, they also can lead to code execution. So short summary here, I would say start |
... |
Please login to see the full transcript.
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.
Copyright © Tapesearch 2026.