SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

ISC StormCast for Wednesday, June 8th, 2022


SANS ISC Handlers

Tech News, News, Technology


🗓️ 8 June 2022

⏱️ 6 minutes


Summary

Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. DogWalk Windows 0-Day; QBot uses Follina; Deadbolt Update; Android Patches

Transcript


0:00.0

Hello, welcome to the Wednesday, June 8, 2022 edition of the SANS Internet Storm Center's Stormcast.

0:08.5

My name is Johannes Ullrich, and I'm recording from San Francisco, California.

0:14.6

Well, looks like we are not quite done yet with vulnerabilities related to the MSDT executable that, of course, was responsible for the

0:26.9

Follina vulnerability. The next vulnerability, which is also not yet patched, came from

0:33.6

security researcher Imre Rad, and, well, it's a simpler vulnerability. It's not quite as bad as

0:40.5

Follina, but still something that you should be aware of. Essentially, it allows an attacker to send you

0:48.8

a specially crafted file. The file being used here is a diagcab file. Now this troubleshooting tool has the

1:00.0

ability to download these diagnostic packages from the internet. They have to be properly

1:06.8

digitally signed. Otherwise they're not executed. So this prevents the more obvious exploits here.

1:14.4

However, before the signature is actually validated, an attacker may trigger a copy of the file into any

1:23.6

directory the user has access to, which could include, for example, startup folders.

1:30.4

So the proof of concept here uses this mechanism in order to essentially launch the calculator on login.

1:39.6

So first of all, this is an easy mechanism to gain persistence on a system after an exploit is being launched.

1:48.2

In addition, this bypasses the Mark of the Web, and also Chromium-based browsers do not necessarily flag this.

1:58.4

Microsoft Defender apparently doesn't pick up on this either.

2:02.4

So really more sort of a bypass and persistent mechanism than code execution vulnerability.

2:09.9

Microsoft did respond to the researcher here stating that they're not considering this

2:15.2

something that needs to be fixed.


2:21.4

And I think, on your side, for the defender,

2:27.0

it's probably just the safest thing to do to make sure that these files are not being transmitted via email,

2:30.2

because that would probably be the predominant and simplest attack vector here.

...
