Hello, welcome to the Wednesday, May 11, 2020 edition of the Sandcent Storm Center's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Well, it's Microsoft Patch Tuesday, and with that we got updates for 74 75 vulnerabilities depending on how you count them.

Three of these vulnerabilities have been known prior to patch Tuesday and one of the three or one of the 75 has already been actively exploited.

Now the one that's already actively exploited, of course,

is getting a lot of news coverage here,

and it is a Windows LSA spoofing vulnerability.

So essentially, it does allow NetHacker to bypass authentication.

Now, Microsoft stated that while overall the CVS score is 8.1 and important,

this is a critical vulnerability if you're still using NTLM hashes in order to authenticate,

which of course is something that you shouldn't be doing anymore in the first place. In general, the vulnerability

does enable relay attacks. NetHacker does have to have a machine in the middle position

in order to exploit the vulnerability. Certainly patch it, don't delay patching, but

important is the right ranking for this particular

vulnerability, in my opinion.

And we do have two critical vulnerabilities that deserve special mentions.

One is a remote code execution vulnerability affecting the Windows network file system.

That's CVE 2020-26937. Last month, we did have a similar

vulnerability for NFS. Same researchers discovered it, so the two are likely related. NFS is not really used

much in Windows networks typically so that somewhat lessens the impact

here, but CVSS score is 9.8.

...