Hello, welcome to the Wednesday, March 15th, 2017 edition of the Sands and at Storm Center's Stormcast. My name is Johannes Ulrich, and the day I'm recording from Jacksonville, Florida.

Today, of course, Microsoft patched Tuesday, and it was a bit larger than normal given that Microsoft skipped the February edition.

In February we only got Adobe's bulletin, which was, as usual, republished by Microsoft.

So 18 bulletins total, a bit more than normal, not necessarily twice than normal, but given

that some of the bulletins probably got combined

between February and March, like for example the Internet Explorer and Internet Edge

Bulletin.

As mentioned in a diary I wrote up earlier today, probably the most scary bulletin here is

the one that affects SMB servers.

There are a total of five different vulnerabilities that are being addressed by this bulletin

that do allow remote code execution vulnerabilities for unauthenticated users.

So this does indeed sound quite warmable,

certainly very dangerous, given that SMB is still often exposed.

Now Microsoft also rates the exploitability of these vulnerabilities with one,

which is the lowest rating that Microsoft

offers and means that we will likely see exploits for these vulnerabilities.

And then we got two more server-related bulletins. The first one, MS-1715, which affects Outlook web access, and MS-17-16, which affects

IIS.

Both of them are cross-site scripting vulnerabilities.

So what you can do with that particular vulnerability depends very much on the user you can snare into clicking on a link or get exposed

to the JavaScript.

There are also six different bulletins that either fix a vulnerability that already has been

...