Hello, welcome to the Wednesday, January 9th, 2019 edition of the Santernut Storm Center's

Stormcast. My name is Johannes Ulrich, and then I'm recording from Jacksonville, Florida.

Big news today, of course, Microsoft's patched Tuesday. We got 49 or 51 vulnerability's patch,

depending on how you exactly count them.

Only eight of them, I believe, are rated critical.

So overall, an average patch Tuesday, one vulnerability was already publicly known, but this

time around, no vulnerability is fixed that has already been exploited. Now, there is one

vulnerability that sort of sticks out, and that's CVE 2019 547. This is a vulnerability in

the Windows 10 or server version 1803, the HCP client. So interestingly, only the latest, greatest operating system versions are vulnerable,

older versions are not affected.

The tricky part here is that this is one of those vulnerabilities you can't really do

much about.

You have to accept the HCP leases in many networks, in particular

if you of course you're connecting to a Wi-Fi network somewhere. So this would be a classic

vulnerability to be exploited by a rogue access point, for example. At this point, we don't

really know much about this vulnerability other than what Microsoft

told us and, well, one of the items Microsoft noted is that it shouldn't be all that difficult

to write an exploit for this and that exploitation is likely for this vulnerability. So this one

vulnerability should certainly be sort of at the top of your patch priority list.

Another big issue is CV 2019 586.

This vulnerability affects Microsoft Exchange and it does allow an attacker to take control

off an exchange server just by sending a specially crafted email

...