Hello, welcome to the Wednesday, May 18th, 2016 edition of the Sandstone Storm Center's Stormcast.

My name is Johannes Ulrich and today I'm recording from Jacksonville, Florida.

We got a couple of high-profile vulnerabilities to start out with.

The first one is actually an older vulnerability while older in the sense that it was patched

by Cisco back in February.

And the vulnerability is a buffer overflow vulnerability in the Ike version 1 and version 2 code

in Cisco VPN concentrators.

Now the problem here is that we now have an exploit was published for this vulnerability

that will give an attacker a remote shell on your Cisco gear.

So certainly if you haven't patched yet, it's overdue and you should make sure that you

either patch or if you can disable the IPSEC functionality

if you don't happen to actually use it.

And the second vulnerability that we have is ironically also in security software.

In this case it's semantic antivirus and it is susceptible to a pretty straightforward,

actually, memory access violation due to malformed PE headers. Now, this has been patched by

Symantec, so make sure you download the patch. There is a proof of concept available.

It essentially just tests it and cause a kernel panic.

But a working exploit would lead to privilege escalation in this particular case.

An attacker that is already on your system and detects that you're running semantic antivirus could use

semantic antivirus to escalate privileges.

And Kasperski is continuing.

It's a wag the mole game with the Crypt-Triplex gang.

...