Hello, welcome to the Wednesday, November 10th, 2021 edition of the Sandstone Storm Center's Stormcast.

My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

Well, it's patched Tuesday and we got patches from Microsoft for 55 different vulnerabilities.

Six of the vulnerabilities are rated critical.

Four were previously disclosed.

And then we have two vulnerabilities that have already been exploited according to Microsoft.

The first of the two already exploited vulnerabilities is CBE 20, 21, 4232,1, and this vulnerability affects well of all places Microsoft Exchange.

Now, this vulnerability isn't quite as bad as some of the prior vulnerabilities that we have seen in exchange,

a user needs to be authenticated in order to exploit it. But once authenticated, this

vulnerability allows for arbitrary code execution due to an improper validation of command-led arguments.

So this would be something where someone fished some credentials

and is now trying to get full access to your exchange server.

The fix, as usual, move to Outlook 365 and forget about running exchange on site.

At least that appears to be the standard fix that most organizations employ these days

once their exchange server is compromised.

The second already exploited vulnerability is CBE 2021-42292, and this is a security feature bypass in Microsoft Excel.

What this comes down to is that it's possible for an attacker to get you to execute code

in Excel without a warning.

Now, there have been a couple exploits like this disclosed recently.

Not sure if this is exactly what's being patched here, but given, of course, how many attacks

we see coming in with office macros, whether it's Excel or whether it's worth, this is

certainly something that you should pay attention to and patch quickly.

...