Hello and welcome to the Wednesday, July 12, 2023 edition of the Sans and the Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Washington, D.C. here from Sands Fire.

Thanks to the listeners who attended the keynote today.

It was available online, not sure how many of you

have watched it online. A recording should also be shortly available. The link on the website

will eventually then link to the recording of this keynote. But well, of course, today we do

have Microsoft's Patch Tuesday to talk about and well, of course, today we do have Microsoft's patch Tuesday to talk about, and well, it was a quite active release of new patches.

132 vulnerabilities were patched, nine of the wallablies are rated critical, and then we have six or five, depending on how you count, exploits that

have already been seen used in the wild, so zero days.

The reason I say, well, that there's five or six depending on your account, not all the

zero days actually have patches.

There is a special blog post by Microsoft about CVE

2023-36884. This is a remote code execution vulnerably in Microsoft VIRT. Yes, there are details

about it. Yes, there are some workarounds for it, but there is no patch yet for it. An out-of-cycle

patch may follow shortly. Then there's also CVE 20203.3.11. This is a Microsoft Outlook

security feature bypass that's exploited in the wild. Exploid code can run in the preview pane, and essentially the bypass here is that security

warnings are not being shown.

And then also already exploited is a vulnerability in Windows MSHtml.

This could be exploited by opening a crafted file in email

or, of course, by visiting a malicious website.

MS-2020-3-32049.

...