Hello, welcome to the Wednesday, July 13, 2016 edition of the Sansonet Storm Center's

Stormcast.

My name is Johannes Ulrich, and the day I'm recording from Jackson, Florida.

Microsoft's patched Tuesday, of course, kept us busy today.

We got a total of 10 bulletins from Microsoft and then one from Adobe regarding Adobe's Flash

Player which also is reflected in an 11th bulletin from Microsoft. So out of these 11 bulletins

total we got six critical and the remainder being important.

Starting out with the usual cumulative security update for Internet Explorer and the cumulative

security update for Microsoft Edge. This is MS-16-084 and 85 respectively.

Interestingly, almost the identical number of vulnerabilities being

addressed here in these two browsers. A lot of overlap also in the CVE numbers. In the past

typically Microsoft Edge had a much smaller number of CVEs but I guess it's catching up and now with Internet Explorer

and then also as usual MS 1686 the third critical patch here it patches the

J-Script V-B script scripting engine for older operating systems older browsers for recent operating systems, you will find this patch included in the respective Edge or in an Explorer patch.

Now, what gets interesting is MS-1687.

This is a security update for Microsoft's print spooler. This affects clients, not so much servers really, but of course if a server has to print,

that may affect servers as well, which is why we did rate it critical for servers and clients.

The nature of this vulnerability is that Microsoft Windows,

if it connects to a printer to print, there is an option where the printer will offer a driver for download.

This is of course very convenient in particular if you have printers that are shared at offices or such

where users come with their own devices to print the driver will be installed

automatically well in this case malicious software can be installed by anybody

...