Hello, welcome to the Wednesday, June 15th, 2020 edition of the Sansomid Storm Center's Stormcast. My name is Johannes Ulrich. And today I'm recording from Jacksonville, Florida.

Well, it's patched Tuesday and, of course, the patch we were all waiting for, which the patch for c v.E 2020-3190 or the

fallina vulnerability did get released even though things were a little bit complicated here in the

sense that the release date for this patch was actually labeled as May 30th, so it didn't really show up in the normal June patch Tuesday feed.

But if you're applying the Rola patch, this Folina patch is included and you should be good to go.

Now, the patch fixes the command injection vulnerability in the diagnostic tool.

It does not prevent the diagnostic tool from being started.

So this was when this vulnerability was first discovered, a little bit the question, what's the actual vulnerability here?

And, well, the workaround actually

prevented the diagnostic tool from being started but the patch now does allow the diagnostic

tool to be started in a secure way so it's no longer exploitable if you want to be careful then

you may very well leave the

workaround in place, so the diagnostic tool does not start. Haven't really heard of any

side effects of that workaround. May as well keep it safe and don't allow the tool to be

started. In addition, of course, to applying the patch,

you definitely should apply this patch. Now, aside from the patch for this Falina vulnerability,

we do have yet another critical vulnerability being patched in Windows NFS.

This vulnerability, I think, should the third month in a row that we have critical

vulnerabilities being patched here, all of them, remote code execution vulnerabilities,

haven't seen any exploits for any of these vulnerabilities so far. So may not be the biggest problem here.

Also only affects the most recent version of NFS,

NFS version 4.1, which you may disable.

...