ISC StormCast for Wednesday, March 11th 2020
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
SANS ISC Handlers
🗓️ 11 March 2020
⏱️ 5 minutes
Transcript
| 0:00.0 | Hello, welcome to the Wednesday, March 11, 2020 edition of the SANS Internet Storm Center's Stormcast. |
| 0:07.9 | My name is Johannes Ullrich, and I'm recording from Jacksonville, Florida. |
| 0:13.7 | Well, at first glance, today's Microsoft Patch Tuesday looks rather average. |
| 0:19.2 | Yes, 117 vulnerabilities. 25 of them are rated critical, but none of the vulnerabilities were disclosed publicly before today, and also Microsoft has not seen any exploits against vulnerabilities being patched today. The vulnerabilities themselves look, well, sort of like |
| 0:38.4 | your average bunch of vulnerabilities for a Patch Tuesday. Lots of fixes to the scripting engine, |
| 0:44.8 | a couple of vulnerabilities in Office, Word, Excel, and the like. So overall, very average, |
| 0:52.3 | if it wouldn't be for a rather odd leak. |
| 0:56.1 | Now, this was first sort of noticed by some people on Twitter that the Cisco Talos research team |
| 1:06.5 | published a blog post indicating that one of the vulnerabilities, CVE-2020-0796, is an |
| 1:15.5 | unauthenticated remote code exploitation vulnerability in the SMB version 3 protocol. |
| 1:23.9 | That's of course another sort of BlueKeep-type vulnerability and something that's certainly serious. |
| 1:30.5 | Now, this CVE number is actually assigned in Microsoft's release to a link vulnerability that doesn't look like it has anything at all to do with SMB or SMB version 3. |
| 1:45.8 | So where does this all resolve? |
| 1:49.1 | Well, Microsoft also published a security advisory. |
| 1:53.3 | This advisory, 2000-0-05, I guess, is the right number for it. It does describe the vulnerability that the Cisco Talos |
| 2:06.3 | blog originally hinted at, and that's that there is a vulnerability in current versions |
| 2:13.5 | of Windows in the SMB version 3 client as well as server that can be exploited |
| 2:20.3 | without authentication. So yes, another BlueKeep. And there is no patch apparently. There's |
| 2:28.3 | also no CVE number in Microsoft's advisory. Instead, Microsoft says that you should turn off compression |
| 2:38.4 | for SMB version 3 and that'll protect your servers from exploitation, but clients continue |
| 2:45.7 | to be vulnerable. And in order to attack a client that's a little bit more tricky, you need |
| 2:50.4 | to get a user to actually connect to a malicious SMB server. Now, just a little bit about different |
... |
Disclaimer: The podcast and artwork embedded on this page are from SANS ISC Handlers, and are the property of its owner and not affiliated with or endorsed by Tapesearch.
Generated transcripts are the property of SANS ISC Handlers and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.

