Hello, welcome to the Wednesday, June 14th, 2017 edition of the Santernut Storm Center's

Stormcast. My name is Johannes Ulrich and I'm recording from Jackstville, Florida.

And today, second Tuesday of the month, so we do have updates from Microsoft and Adobe.

Total of 90 plus different vulnerabilities that Microsoft

patches this month out of those vulnerabilities, there are two that I think deserve special

attention. The first vulnerability CVE 2017-84-64, it is already being exploited in the wild, according to Microsoft, even though details about the vulnerabilities have not been released publicly yet.

The problem here are Windows shortcuts. Now in Windows these are small files. One of the things

that represented inside the file is a link to an icon that's being used to display the link.

Now if this file turns out to be malicious then code execution happens. I do remember reading something a

month or so ago and I think I mentioned it in the podcast about the image files being

confused for script files. Can't find it right now but there may actually have been some

details already been made public here.

Now, this isn't the first time that these link files cause problems.

Remember, the famous Stuxnet vulnerability, for example, to exploit this.

And attacker would, of course, first of all, give the victim a USB stick, for example, and just

by looking at the directory on the USB stick, this vulnerability would be triggered.

This can also be executed remotely if I'm sending the victim a link to an SMB file share, then this

vulnerability will be triggered as well if this file share contains a malicious link file.

The second vulnerability CVE 2017-8543, it's also already being exploited and it really has sort of all the

ingredients that made Eternal Blue and want to cry such a big deal again it's

SMB file shares that are at risk here in In this case, malicious search message will execute arbitrary

code. This apparently does not use any authentication. So an unauthenticated user can execute

...