Hello, welcome to the Wednesday, March 10th, 2021 edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

Well, today, of course, Microsoft Patch Tuesday with 122-1 abilities being addressed, 14 of which are critical and 5 have already been exploited.

Two of the vulnerabilities had been disclosed prior to dispatch Tuesday being released.

Now out of the 5 being exploited vulnerabilities, four are of course Microsoft

Exchange Server vulnerabilities. These vulnerabilities were patched on March 2nd and, well,

we talked about them already a number of times here in the podcast, had some diaries about it. If you haven't patched

them yet, you're pretty certainly exploited if your exchange server is exposed to the internet.

The fifth vulnerability that's already being exploited is a remote code execution vulnerability

in Microsoft Edge and Internet Explorer 11.

This vulnerability can be exploited as the user visits malicious website.

So yeah, classic drive-by style vulnerability.

Now, aside of these already being used vulnerabilities, there's one that I think

is in particular interesting because we already had so many vulnerabilities over the last

12 or so month in Windows DNS server. Yes, yet another critical remote code execution

vulnerability in Windows DNS server with a CFSS score of 9.8.

This vulnerability affects the standalone DNS server as well as the DNS server integrated with Active Directory.

Now, in order to be vulnerable, the DNS server has to support dynamic updates.

Dynamic updates are typically only used sort of internally for DHCP servers and such

to notify the DNS server of a new host on the network and update IP address accordingly.

What's not really clear from the advisory is if these dynamic updates have to be

properly authenticated.

Just guessing, I think they will have to be authenticated.

...