Hello, welcome to the Wednesday, June 1st, 2020 edition of the Sandsenet Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Well, let's start with an update on the MSMSDT vulnerability that I pretty much dedicated the podcast to yesterday after recording

the podcast. Microsoft did release a knowledge-based article and an official vulnerability page

for this issue. We now also have CVE number 22, 32, 3190, and the name

Fulina has sort of caught on for this vulnerability. Microsoft at this point really doesn't

recommend anything different than what has been recommended before, and this is to disable

the MSDT URL protocol, and with that the diagnostic tool will no longer automatically

launch.

Also, various exploits have been released so far.

A lot of what we have seen is really just pen testers and people

experimenting with the vulnerability, but there are also some actual exploitation of this

vulnerability that are more prevalent now out in the wild. Before the vulnerability was released, there were only only two instances known of this

vulnerability being used, but now everything from Chinese APT to script kitties are using

this vulnerability.

In some cases like the one case that we have seen earlier today, the attacker

didn't even change out of some of the comments and such being left behind in the proof of

concept, exploit tools that were released. So very low effort attacks that are now taking

advantage of this vulnerability.

Nothing for Microsoft yet about a potential patch for this vulnerability.

The next patch Tuesday would be in two weeks on June 14th if my patch Tuesday math is correct.

...