Hello and welcome to the Wednesday, June 14, 2020, 3 edition of the Sansonet Storms, Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Today was Microsoft's patched Tuesday, and we counted a total of 94 vulnerabilities being addressed this month.

Now, not all of these vulnerabilities are your classical patched Tuesday vulnerabilities.

There are 14 chromium-related vulnerabilities that were actually patched a little bit earlier

this month and, of course, included in Microsoft Edge.

There are also six GitHub vulnerabilities that are not typically sort of considered part of

the Microsoft patch set.

But when we are looking at the Microsoft patches, what's sort of interesting is, well,

what's actually not interesting, and that there are no

vulnerabilities this month that were prior to today disclosed or that are already exploited.

So no serodays, but we still have six different critical vulnerabilities.

None of them is really sort of a big screamer in the sense

that it's something that you absolutely have to patch right now. There are three critical

vulnerabilities in the Windows Pragmatic multicast service. This is a, well, as the name implies,

a multicast service, but one that actually includes also some reliability.

It's sort of a modified multicast protocol. You're likely only vulnerable if you also use Microsoft MessageQ.

So this one is a little bit more tricky to exploit, but still considered critical because it does allow arbitrary code execution.

And then there are also two new vulnerabilities in Microsoft Exchange.

These vulnerabilities are only considered important because they do require all of the occasion.

But remember, there were prior vulnerabilities in exchange that required authentication that were widely exploited.

Also interesting critical vulnerability in SharePoint.

...