Hello and welcome to the Wednesday, March 13th, 2020,

for edition of the Santernet Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Well, it's patch Tuesday, so yes, today's podcast will cover a lot of patches.

And of course, let's start with Microsoft.

Microsoft delivered patches for 60 different vulnerabilities.

In addition to that, we also got four patches from chromium that affect Microsoft Edge.

60 vulnerabilities is sort of a little bit on the average,

maybe a little bit of the lower side,

but what's kind of really surprising is

there are no vulnerabilities here that are already being exploited,

so no zero days, no vulnerabilities that are already disclosed,

and we only have a total of two

critical vulnerabilities. And one of them is actually a denial of service vulnerability. Both

of the critical vulnerabilities are affecting Hyper V. Again, one is denial of service vulnerability.

The other, the remote code execution vulnerability,

does require that NetHacker actually has access to a virtual machine running within HyperV.

So it's really more one of these virtual machine escape vulnerabilities.

Other than that, there are a couple other, actually one specific vulnerability sort of of interest,

and that's remote code execution vulnerability in exchange server.

Now, this doesn't look like it's super easy to exploit.

It first requires that attacker already does have access to the exchange server,

...