Hello, welcome to the Wednesday, May 9th, 2018 edition of the Sansonet Storm Center's Stormcast. My name is Johannes Ulrich, and I'm recording from Indianapolis, Indiana.

Microsoft Patch Tuesday, of course, is at the top of the news. Today we got patches for a total of 67 different vulnerabilities,

two of which were already used in attacks in the wild.

The biggest one, CVE 2018, 81, 74.

This is the vulnerability that was announced by Chihu 360, a Chinese security company, a couple of weeks ago.

We had little details back then, other than that Chihu 360 has spotted use of the vulnerability in targeted attacks.

Turns out it's an Innet Explorer, actually a

visual basic script vulnerability. This vulnerability is not just exploitable in Inan Explorer itself,

but also in software that uses the underlying Innet Explorer rendering engine to render HTML.

The second vulnerability that has already been spotted in the wild is CVE 2018-812.

This is a privilege escalation vulnerability in Win 32K, so less of a problem, of course,

than the remote code execution vulnerability in Internet Explorer.

Included in this set of updates is also the fix for the Windows host compute service shim remote code execution vulnerability that was released last week.

This component was released early 2017 and it's used by HyperB in order to allow you to

launch Windows server containers using, for example, either Go or C Sharp.

This would be exploited when you're importing any containers, so probably less of a problem

than the other vulnerabilities. As kind of usual, most of the critical vulnerabilities affect

Internet Explorer. There's also a critical vulnerability in Microsoft's Exchange server. That's

memory corruption, not a lot of detail

here, but exploitation is less likely according to Microsoft. As far as patch priorities go,

well, I would say Internet Explorer wins this month. The other patch is not quite as critical,

but still something you should apply. And of course

...