Hello, welcome to the Wednesday, May 13th, 2020 edition of the Sansanet Storm Center's

Stormcast. My name is Johannes Ulrich. And I'm recording from Jacksonville, Florida.

Of course, we got Microsoft's patched Tuesday to start out with, now many have sort of expected

a lighter patch Tuesday.

I would rate it as average.

We have a total of 111 vulnerabilities being addressed, and 16 of these vulnerabilities are rated

critical.

On the good side, none of the vulnerabilities have been disclosed previously and none of them

have already been exploited.

Now the one vulnerability that sort of caught a little bit my attention was a vulnerability

or actually three vulnerabilities in Microsoft SharePoint and these are remote code

execution vulnerabilities. All three are rated critical. However, in order to exploit this

vulnerability, an attacker would have to be able to upload a crafted SharePoint application package to an affected version of SharePoint.

So certainly one of those things that you probably do want to address quickly because SharePoint

tends to be a little bit more exposed. The other critical vulnerabilities are for the most part

confined to the web browser

and related software, at least as far as exploitability goes.

So well, certainly nothing that you should ignore, but on the other hand, it's also more

of the same that we get every single month.

From Adobe, we only got patches for the Adobe DNG software development kit, which are probably

not really all that big of a problem, but then we also got patches for a pretty long list,

I think 24 different vulnerabilities in Adobe Acrobat

...